go/common
1
0
Fork 0
mirror of https://github.com/sonr-io/common.git synced 2026-01-12 04:09:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

No commit suggestions generated

Browse Source
This commit is contained in:
Prad Nu
2025-10-10 10:17:22 -04:00
commit 3932f0e73e
76 changed files with 13551 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

185
webauthn/ATTESTATION.md Normal file
View File

@@ -0,0 +1,185 @@
# WebAuthn Attestation Formats Documentation
## Overview
WebAuthn attestation is a mechanism that allows authenticators to provide cryptographic proof about their properties during registration. This document describes the different attestation formats supported by this implementation and their validation requirements.
## Supported Attestation Formats
### 1. Packed Attestation (`packed`)
The packed attestation format is a WebAuthn-specific format that supports both self-attestation and full attestation modes.
#### Characteristics
- **Format identifier**: `packed`
- **Specification**: WebAuthn Level 2, Section 8.2
- **Use cases**: General-purpose attestation format, commonly used by platform authenticators
#### Validation Algorithm
##### Full Attestation (with x5c certificate chain)
1. Verify signature over concatenation of authenticatorData and clientDataHash
2. Validate the certificate chain
3. Verify certificate requirements per §8.2.1:
- Version MUST be 3
- Subject-C: Valid ISO 3166 country code
- Subject-O: Legal name of authenticator vendor
- Subject-OU: Must be "Authenticator Attestation"
- Subject-CN: Vendor's chosen string
- AAGUID extension validation if present
- Basic Constraints: CA flag must be false
##### Self Attestation (without x5c)
1. Parse credential public key from authenticator data
2. Verify signature using the credential public key itself
3. Algorithm must match between signature and key
### 2. TPM Attestation (`tpm`)
TPM attestation uses a Trusted Platform Module to provide hardware-backed attestation.
#### Characteristics
- **Format identifier**: `tpm`
- **Specification**: WebAuthn Level 2, Section 8.3
- **Use cases**: Enterprise environments requiring hardware security
#### Validation Algorithm
1. Verify TPM attestation statement structure
2. Decode and validate pubArea (TPM public area)
3. Decode and validate certInfo (TPM attestation data):
- Verify magic value is TPM_GENERATED_VALUE
- Verify type is TPM_ST_ATTEST_CERTIFY
- Verify extraData matches hash of attToBeSigned
- Verify attested name matches pubArea
4. Validate AIK certificate chain and extensions
5. Verify signature using AIK certificate
### 3. Apple Anonymous Attestation (`apple`)
Apple's proprietary attestation format for iOS/macOS devices using the Secure Enclave.
#### Characteristics
- **Format identifier**: `apple`
- **Specification**: Apple-specific implementation
- **Use cases**: Apple devices with Touch ID/Face ID
#### Validation Algorithm
1. Extract and validate certificate chain
2. Decode Apple-specific attestation extension
3. Verify nonce matches SHA256(authenticatorData || clientDataHash)
4. Verify credential public key matches certificate public key
5. Return anonymization CA attestation type
### 4. Android Key Attestation (`android-key`)
Android's hardware-backed key attestation using the Android Keystore.
#### Characteristics
- **Format identifier**: `android-key`
- **Specification**: WebAuthn Level 2, Section 8.4
- **Use cases**: Android devices with hardware-backed keystore
#### Validation Algorithm
1. Validate certificate chain structure
2. Extract and verify Android Key attestation extension
3. Verify challenge matches clientDataHash
4. Validate key properties and security level
5. Verify certificate chain to trusted root
### 5. Android SafetyNet Attestation (`android-safetynet`)
Software-based attestation using Google's SafetyNet API.
#### Characteristics
- **Format identifier**: `android-safetynet`
- **Specification**: WebAuthn Level 2, Section 8.5
- **Use cases**: Android devices without hardware attestation support
- **Deprecated**: Being replaced by Play Integrity API
#### Validation Algorithm
1. Parse and verify JWT response from SafetyNet
2. Verify signature against Google's public keys
3. Check nonce matches hash of authenticatorData || clientDataHash
4. Validate CTS profile match and basic integrity
### 6. FIDO U2F Attestation (`fido-u2f`)
Legacy format for backward compatibility with FIDO U2F authenticators.
#### Characteristics
- **Format identifier**: `fido-u2f`
- **Specification**: FIDO U2F to WebAuthn migration
- **Use cases**: Legacy U2F security keys
#### Validation Algorithm
1. Verify signature over registration data
2. Validate attestation certificate
3. Check certificate OID for FIDO compliance
4. Verify EC P-256 key parameters
## Attestation Types
### Basic Attestation
- Authenticator provides its attestation key pair
- Uniquely identifies the authenticator model
### Self Attestation
- Credential private key signs its own attestation
- No authenticator identification possible
- Used when privacy is prioritized
### Attestation CA (Privacy CA)
- Uses anonymization CA certificates
- Provides model attestation without unique identification
- Balance between privacy and attestation
### None Attestation
- No attestation provided
- Relying party accepts authenticator without verification
- Suitable for consumer scenarios
## Security Considerations
1. **Certificate Validation**
- Always validate complete certificate chains
- Check certificate validity periods
- Verify against known root certificates
2. **Signature Verification**
- Use constant-time comparison for signatures
- Validate algorithm consistency
- Check for signature malleability
3. **Extension Validation**
- Strictly parse and validate all extensions
- Reject unknown critical extensions
- Validate extension data formats
4. **Privacy Considerations**
- Consider attestation type based on use case
- Balance security needs with user privacy
- Implement attestation conveyance preferences
## Error Handling
All attestation validation errors are wrapped with contextual information:
- `ErrAttestationFormat`: Format-specific parsing errors
- `ErrInvalidAttestation`: Validation failures
- `ErrAttestationCertificate`: Certificate validation errors
## Testing
Each attestation format includes comprehensive test coverage:
- Valid attestation verification
- Invalid signature detection
- Certificate chain validation
- Extension parsing
- Edge cases and malformed data
## References
- [WebAuthn Level 2 Specification](https://www.w3.org/TR/webauthn-2/)
- [FIDO Alliance Metadata Service](https://fidoalliance.org/metadata/)
- [TPM 2.0 Specification](https://trustedcomputinggroup.org/resource/tpm-library-specification/)
- [Android Key Attestation](https://developer.android.com/training/articles/security-key-attestation)
- [Apple Platform Authenticator](https://developer.apple.com/documentation/authenticationservices)

234
webauthn/assertion.go Normal file
View File

@@ -0,0 +1,234 @@
package webauthn
import (
"crypto/sha256"
"encoding/base64"
"encoding/json"
"fmt"
"io"
"net/http"
"github.com/sonr-io/common/webauthn/webauthncose"
)
// The CredentialAssertionResponse is the raw response returned to the Relying Party from an authenticator when we request a
// credential for login/assertion.
type CredentialAssertionResponse struct {
PublicKeyCredential
AssertionResponse AuthenticatorAssertionResponse `json:"response"`
}
// The ParsedCredentialAssertionData is the parsed [CredentialAssertionResponse] that has been marshalled into a format
// that allows us to verify the client and authenticator data inside the response.
type ParsedCredentialAssertionData struct {
ParsedPublicKeyCredential
Response ParsedAssertionResponse
Raw CredentialAssertionResponse
}
// The AuthenticatorAssertionResponse contains the raw authenticator assertion data and is parsed into
// [ParsedAssertionResponse].
type AuthenticatorAssertionResponse struct {
AuthenticatorResponse
AuthenticatorData URLEncodedBase64 `json:"authenticatorData"`
Signature URLEncodedBase64 `json:"signature"`
UserHandle URLEncodedBase64 `json:"userHandle,omitempty"`
}
// ParsedAssertionResponse is the parsed form of [AuthenticatorAssertionResponse].
type ParsedAssertionResponse struct {
CollectedClientData CollectedClientData
AuthenticatorData AuthenticatorData
Signature []byte
UserHandle []byte
}
// ParseCredentialRequestResponse parses the credential request response into a format that is either required by the
// specification or makes the assertion verification steps easier to complete. This takes a [*http.Request] that contains
// the assertion response data in a raw, mostly base64 encoded format, and parses the data into manageable structures.
func ParseCredentialRequestResponse(
response *http.Request,
) (*ParsedCredentialAssertionData, error) {
if response == nil || response.Body == nil {
return nil, ErrBadRequest.WithDetails("No response given")
}
defer func(request *http.Request) {
_, _ = io.Copy(io.Discard, request.Body)
_ = request.Body.Close()
}(response)
return ParseCredentialRequestResponseBody(response.Body)
}
// ParseCredentialRequestResponseBody parses the credential request response into a format that is either required by
// the specification or makes the assertion verification steps easier to complete. This takes an [io.Reader] that contains
// the assertion response data in a raw, mostly base64 encoded format, and parses the data into manageable structures.
func ParseCredentialRequestResponseBody(
body io.Reader,
) (par *ParsedCredentialAssertionData, err error) {
var car CredentialAssertionResponse
if err = decodeBody(body, &car); err != nil {
return nil, ErrBadRequest.WithDetails("Parse error for Assertion").
WithInfo(err.Error()).
WithError(err)
}
return car.Parse()
}
// ParseCredentialRequestResponseBytes is an alternative version of [ParseCredentialRequestResponseBody] that just takes
// a byte slice.
func ParseCredentialRequestResponseBytes(
data []byte,
) (par *ParsedCredentialAssertionData, err error) {
var car CredentialAssertionResponse
if err = decodeBytes(data, &car); err != nil {
return nil, ErrBadRequest.WithDetails("Parse error for Assertion").
WithInfo(err.Error()).
WithError(err)
}
return car.Parse()
}
// Parse validates and parses the [CredentialAssertionResponse] into a [ParseCredentialCreationResponseBody]. This receiver
// is unlikely to be expressly guaranteed under the versioning policy. Users looking for this guarantee should see
// [ParseCredentialRequestResponseBody] instead, and this receiver should only be used if that function is inadequate
// for their use case.
func (car CredentialAssertionResponse) Parse() (par *ParsedCredentialAssertionData, err error) {
if car.ID == "" {
return nil, ErrBadRequest.WithDetails("CredentialAssertionResponse with ID missing")
}
if _, err = base64.RawURLEncoding.DecodeString(car.ID); err != nil {
return nil, ErrBadRequest.WithDetails("CredentialAssertionResponse with ID not base64url encoded").
WithError(err)
}
if car.Type != string(PublicKeyCredentialType) {
return nil, ErrBadRequest.WithDetails("CredentialAssertionResponse with bad type")
}
var attachment AuthenticatorAttachment
switch att := AuthenticatorAttachment(car.AuthenticatorAttachment); att {
case Platform, CrossPlatform:
attachment = att
}
par = &ParsedCredentialAssertionData{
ParsedPublicKeyCredential{
ParsedCredential{car.ID, car.Type}, car.RawID, car.ClientExtensionResults, attachment,
},
ParsedAssertionResponse{
Signature: car.AssertionResponse.Signature,
UserHandle: car.AssertionResponse.UserHandle,
},
car,
}
// Step 5. Let JSONtext be the result of running UTF-8 decode on the value of cData.
// We don't call it cData but this is Step 5 in the spec.
if err = json.Unmarshal(car.AssertionResponse.ClientDataJSON, &par.Response.CollectedClientData); err != nil {
return nil, err
}
if err = par.Response.AuthenticatorData.Unmarshal(car.AssertionResponse.AuthenticatorData); err != nil {
return nil, ErrParsingData.WithDetails("Error unmarshalling auth data").WithError(err)
}
return par, nil
}
// Verify the remaining elements of the assertion data by following the steps outlined in the referenced specification
// documentation. It's important to note that the credentialBytes field is the CBOR representation of the credential.
//
// Specification: §7.2 Verifying an Authentication Assertion (https://www.w3.org/TR/webauthn/#sctn-verifying-assertion)
func (p *ParsedCredentialAssertionData) Verify(
storedChallenge string,
relyingPartyID string,
rpOrigins, rpTopOrigins []string,
rpTopOriginsVerify TopOriginVerificationMode,
appID string,
verifyUser bool,
verifyUserPresence bool,
credentialBytes []byte,
) error {
// Steps 4 through 6 in verifying the assertion data (https://www.w3.org/TR/webauthn/#verifying-assertion) are
// "assertive" steps, i.e. "Let JSONtext be the result of running UTF-8 decode on the value of cData."
// We handle these steps in part as we verify but also beforehand
//
// Handle steps 7 through 10 of assertion by verifying stored data against the Collected Client Data
// returned by the authenticator.
validError := p.Response.CollectedClientData.Verify(
storedChallenge,
AssertCeremony,
rpOrigins,
rpTopOrigins,
rpTopOriginsVerify,
)
if validError != nil {
return validError
}
// Begin Step 11. Verify that the rpIdHash in authData is the SHA-256 hash of the RP ID expected by the RP.
rpIDHash := sha256.Sum256([]byte(relyingPartyID))
var appIDHash [32]byte
if appID != "" {
appIDHash = sha256.Sum256([]byte(appID))
}
// Handle steps 11 through 14, verifying the authenticator data.
validError = p.Response.AuthenticatorData.Verify(
rpIDHash[:],
appIDHash[:],
verifyUser,
verifyUserPresence,
)
if validError != nil {
return validError
}
// allowedUserCredentialIDs := session.AllowedCredentialIDs
// Step 15. Let hash be the result of computing a hash over the cData using SHA-256.
clientDataHash := sha256.Sum256(p.Raw.AssertionResponse.ClientDataJSON)
// Step 16. Using the credential public key looked up in step 3, verify that sig is
// a valid signature over the binary concatenation of authData and hash.
sigData := append(p.Raw.AssertionResponse.AuthenticatorData, clientDataHash[:]...)
var (
key any
err error
)
// If the Session Data does not contain the appID extension or it wasn't reported as used by the Client/RP then we
// use the standard CTAP2 public key parser.
if appID == "" {
key, err = webauthncose.ParsePublicKey(credentialBytes)
} else {
key, err = webauthncose.ParseFIDOPublicKey(credentialBytes)
}
if err != nil {
return ErrAssertionSignature.WithDetails(fmt.Sprintf("Error parsing the assertion public key: %+v", err)).
WithError(err)
}
valid, err := webauthncose.VerifySignature(key, sigData, p.Response.Signature)
if !valid || err != nil {
return ErrAssertionSignature.WithDetails(fmt.Sprintf("Error validating the assertion signature: %+v", err)).
WithError(err)
}
return nil
}

420
webauthn/assertion_test.go Normal file
View File

@@ -0,0 +1,420 @@
package webauthn
import (
"bytes"
"crypto/sha256"
"encoding/base64"
"io"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/sonr-io/common/webauthn/webauthncbor"
)
func TestParseCredentialRequestResponse(t *testing.T) {
byteID, _ := base64.RawURLEncoding.DecodeString(
"AI7D5q2P0LS-Fal9ZT7CHM2N5BLbUunF92T8b6iYC199bO2kagSuU05-5dZGqb1SP0A0lyTWng",
)
byteAAGUID, _ := base64.RawURLEncoding.DecodeString("rc4AAjW8xgpkiwsl8fBVAw")
byteRPIDHash, _ := base64.RawURLEncoding.DecodeString(
"dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvA",
)
byteAuthData, _ := base64.RawURLEncoding.DecodeString(
"dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBFXJJiGa3OAAI1vMYKZIsLJfHwVQMANwCOw-atj9C0vhWpfWU-whzNjeQS21Lpxfdk_G-omAtffWztpGoErlNOfuXWRqm9Uj9ANJck1p6lAQIDJiABIVggKAhfsdHcBIc0KPgAcRyAIK_-Vi-nCXHkRHPNaCMBZ-4iWCBxB8fGYQSBONi9uvq0gv95dGWlhJrBwCsj_a4LJQKVHQ",
)
byteSignature, _ := base64.RawURLEncoding.DecodeString(
"MEUCIBtIVOQxzFYdyWQyxaLR0tik1TnuPhGVhXVSNgFwLmN5AiEAnxXdCq0UeAVGWxOaFcjBZ_mEZoXqNboY5IkQDdlWZYc",
)
byteUserHandle, _ := base64.RawURLEncoding.DecodeString("0ToAAAAAAAAAAA")
byteCredentialPubKey, _ := base64.RawURLEncoding.DecodeString(
"pQMmIAEhWCAoCF-x0dwEhzQo-ABxHIAgr_5WL6cJceREc81oIwFn7iJYIHEHx8ZhBIE42L26-rSC_3l0ZaWEmsHAKyP9rgslApUdAQI",
)
byteClientDataJSON, _ := base64.RawURLEncoding.DecodeString(
"eyJjaGFsbGVuZ2UiOiJFNFBUY0lIX0hmWDFwQzZTaWdrMVNDOU5BbGdlenROMDQzOXZpOHpfYzlrIiwibmV3X2tleXNfbWF5X2JlX2FkZGVkX2hlcmUiOiJkbyBub3QgY29tcGFyZSBjbGllbnREYXRhSlNPTiBhZ2FpbnN0IGEgdGVtcGxhdGUuIFNlZSBodHRwczovL2dvby5nbC95YWJQZXgiLCJvcmlnaW4iOiJodHRwczovL3dlYmF1dGhuLmlvIiwidHlwZSI6IndlYmF1dGhuLmdldCJ9",
)
type args struct {
responseName string
}
testCases := []struct {
name string
args args
expected *ParsedCredentialAssertionData
errString string
errType string
errDetails string
errInfo string
}{
{
name: "ShouldParseCredentialAssertion",
args: args{
"success",
},
expected: &ParsedCredentialAssertionData{
ParsedPublicKeyCredential: ParsedPublicKeyCredential{
ParsedCredential: ParsedCredential{
ID: "AI7D5q2P0LS-Fal9ZT7CHM2N5BLbUunF92T8b6iYC199bO2kagSuU05-5dZGqb1SP0A0lyTWng",
Type: string(PublicKeyCredentialType),
},
RawID: byteID,
ClientExtensionResults: map[string]any{
"appID": "example.com",
},
},
Response: ParsedAssertionResponse{
CollectedClientData: CollectedClientData{
Type: CeremonyType("webauthn.get"),
Challenge: "E4PTcIH_HfX1pC6Sigk1SC9NAlgeztN0439vi8z_c9k",
Origin: "https://webauthn.io",
Hint: "do not compare clientDataJSON against a template. See https://goo.gl/yabPex",
},
AuthenticatorData: AuthenticatorData{
RPIDHash: byteRPIDHash,
Counter: 1553097241,
Flags: 0x045,
AttData: AttestedCredentialData{
AAGUID: byteAAGUID,
CredentialID: byteID,
CredentialPublicKey: byteCredentialPubKey,
},
},
Signature: byteSignature,
UserHandle: byteUserHandle,
},
Raw: CredentialAssertionResponse{
PublicKeyCredential: PublicKeyCredential{
Credential: Credential{
Type: string(PublicKeyCredentialType),
ID: "AI7D5q2P0LS-Fal9ZT7CHM2N5BLbUunF92T8b6iYC199bO2kagSuU05-5dZGqb1SP0A0lyTWng",
},
RawID: byteID,
ClientExtensionResults: map[string]any{
"appID": "example.com",
},
},
AssertionResponse: AuthenticatorAssertionResponse{
AuthenticatorResponse: AuthenticatorResponse{
ClientDataJSON: byteClientDataJSON,
},
AuthenticatorData: byteAuthData,
Signature: byteSignature,
UserHandle: byteUserHandle,
},
},
},
errString: "",
},
{
name: "ShouldHandleTrailingData",
args: args{
"trailingData",
},
expected: nil,
errString: "Parse error for Assertion",
errType: "invalid_request",
errDetails: "Parse error for Assertion",
errInfo: "The body contains trailing data",
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
t.Parallel()
body := io.NopCloser(
bytes.NewReader([]byte(testAssertionResponses[tc.args.responseName])),
)
actual, err := ParseCredentialRequestResponseBody(body)
if tc.errString != "" {
assert.EqualError(t, err, tc.errString)
AssertIsProtocolError(t, err, tc.errType, tc.errDetails, tc.errInfo)
return
}
require.NoError(t, err)
assert.Equal(t, tc.expected.ClientExtensionResults, actual.ClientExtensionResults)
assert.Equal(t, tc.expected.ID, actual.ID)
assert.Equal(t, tc.expected.ParsedCredential, actual.ParsedCredential)
assert.Equal(t, tc.expected.ParsedPublicKeyCredential, actual.ParsedPublicKeyCredential)
assert.Equal(t, tc.expected.Raw, actual.Raw)
assert.Equal(t, tc.expected.RawID, actual.RawID)
assert.Equal(
t,
tc.expected.Response.CollectedClientData,
actual.Response.CollectedClientData,
)
var pkExpected, pkActual any
assert.NoError(
t,
webauthncbor.Unmarshal(
tc.expected.Response.AuthenticatorData.AttData.CredentialPublicKey,
&pkExpected,
),
)
assert.NoError(
t,
webauthncbor.Unmarshal(
actual.Response.AuthenticatorData.AttData.CredentialPublicKey,
&pkActual,
),
)
assert.Equal(t, pkExpected, pkActual)
assert.NotEqual(t, nil, pkExpected)
assert.NotEqual(t, nil, pkActual)
})
}
}
func TestParsedCredentialAssertionData_Verify(t *testing.T) {
type fields struct {
ParsedPublicKeyCredential ParsedPublicKeyCredential
Response ParsedAssertionResponse
Raw CredentialAssertionResponse
}
type args struct {
storedChallenge URLEncodedBase64
relyingPartyID string
relyingPartyOrigin []string
verifyUser bool
credentialBytes []byte
}
// Helper function to create test credential
makeTestCredential := func() ParsedPublicKeyCredential {
return ParsedPublicKeyCredential{
ParsedCredential: ParsedCredential{
ID: "test-credential-id",
Type: "public-key",
},
}
}
// Helper function to create test response
makeTestResponse := func(challenge, origin string, flags byte) ParsedAssertionResponse {
// Generate valid RPID hash for "example.com"
rpidHash := sha256.Sum256([]byte("example.com"))
return ParsedAssertionResponse{
CollectedClientData: CollectedClientData{
Type: CeremonyType("webauthn.get"),
Challenge: challenge,
Origin: origin,
},
AuthenticatorData: AuthenticatorData{
RPIDHash: rpidHash[:],
Counter: 100,
Flags: AuthenticatorFlags(flags),
},
}
}
// Create a mock EC2 public key credential for testing
// This is a minimal CBOR-encoded EC2 public key
mockCredentialBytes := []byte{
0xa5, // map(5)
0x01, 0x02, // kty: 2 (EC2)
0x03, 0x26, // alg: -7 (ES256)
0x20, 0x01, // crv: 1 (P-256)
0x21, 0x58, 0x20, // x: bytes(32)
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
0x22, 0x58, 0x20, // y: bytes(32)
0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
}
tests := []struct {
name string
fields fields
args args
wantErr bool
}{
// Note: These "valid" test cases will fail at signature verification
// since we're using mock data. The purpose is to test the validation
// logic up to that point. Real signature verification is tested elsewhere.
{
name: "Valid assertion with user verification (fails at sig verify)",
fields: fields{
ParsedPublicKeyCredential: makeTestCredential(),
Response: makeTestResponse(
base64.RawURLEncoding.EncodeToString([]byte("test-challenge")),
"https://example.com",
0x05,
),
Raw: CredentialAssertionResponse{
PublicKeyCredential: PublicKeyCredential{
Credential: Credential{ID: "test-credential-id", Type: "public-key"},
},
},
},
args: args{
storedChallenge: URLEncodedBase64("test-challenge"),
relyingPartyID: "example.com",
relyingPartyOrigin: []string{"https://example.com"},
verifyUser: true,
credentialBytes: mockCredentialBytes,
},
wantErr: true, // Changed to true since sig verification will fail
},
{
name: "Invalid challenge",
fields: fields{
ParsedPublicKeyCredential: makeTestCredential(),
Response: makeTestResponse(
"wrong-challenge",
"https://example.com",
0x05,
),
Raw: CredentialAssertionResponse{
PublicKeyCredential: PublicKeyCredential{
Credential: Credential{ID: "test-credential-id", Type: "public-key"},
},
},
},
args: args{
storedChallenge: URLEncodedBase64("test-challenge"),
relyingPartyID: "example.com",
relyingPartyOrigin: []string{"https://example.com"},
verifyUser: true,
credentialBytes: mockCredentialBytes,
},
wantErr: true,
},
{
name: "Invalid origin",
fields: fields{
ParsedPublicKeyCredential: makeTestCredential(),
Response: makeTestResponse(
"test-challenge",
"https://evil.com",
0x05,
),
Raw: CredentialAssertionResponse{
PublicKeyCredential: PublicKeyCredential{
Credential: Credential{ID: "test-credential-id", Type: "public-key"},
},
},
},
args: args{
storedChallenge: URLEncodedBase64("test-challenge"),
relyingPartyID: "example.com",
relyingPartyOrigin: []string{"https://example.com"},
verifyUser: true,
credentialBytes: mockCredentialBytes,
},
wantErr: true,
},
{
name: "User verification required but not performed",
fields: fields{
ParsedPublicKeyCredential: makeTestCredential(),
Response: makeTestResponse(
"test-challenge",
"https://example.com",
0x01,
),
Raw: CredentialAssertionResponse{
PublicKeyCredential: PublicKeyCredential{
Credential: Credential{ID: "test-credential-id", Type: "public-key"},
},
},
},
args: args{
storedChallenge: URLEncodedBase64("test-challenge"),
relyingPartyID: "example.com",
relyingPartyOrigin: []string{"https://example.com"},
verifyUser: true,
credentialBytes: mockCredentialBytes,
},
wantErr: true,
},
{
name: "Valid assertion without user verification required (fails at sig verify)",
fields: fields{
ParsedPublicKeyCredential: makeTestCredential(),
Response: makeTestResponse(
base64.RawURLEncoding.EncodeToString([]byte("test-challenge")),
"https://example.com",
0x01,
),
Raw: CredentialAssertionResponse{
PublicKeyCredential: PublicKeyCredential{
Credential: Credential{ID: "test-credential-id", Type: "public-key"},
},
},
},
args: args{
storedChallenge: URLEncodedBase64("test-challenge"),
relyingPartyID: "example.com",
relyingPartyOrigin: []string{"https://example.com"},
verifyUser: false,
credentialBytes: mockCredentialBytes,
},
wantErr: true, // Changed to true since sig verification will fail
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
p := &ParsedCredentialAssertionData{
ParsedPublicKeyCredential: tt.fields.ParsedPublicKeyCredential,
Response: tt.fields.Response,
Raw: tt.fields.Raw,
}
if err := p.Verify(tt.args.storedChallenge.String(), tt.args.relyingPartyID, tt.args.relyingPartyOrigin, nil, TopOriginIgnoreVerificationMode, "", tt.args.verifyUser, false, tt.args.credentialBytes); (err != nil) != tt.wantErr {
t.Errorf(
"ParsedCredentialAssertionData.Verify() error = %v, wantErr %v",
err,
tt.wantErr,
)
}
})
}
}
var testAssertionResponses = map[string]string{
// None Attestation - MacOS TouchID.
`success`: `{
"id":"AI7D5q2P0LS-Fal9ZT7CHM2N5BLbUunF92T8b6iYC199bO2kagSuU05-5dZGqb1SP0A0lyTWng",
"rawId":"AI7D5q2P0LS-Fal9ZT7CHM2N5BLbUunF92T8b6iYC199bO2kagSuU05-5dZGqb1SP0A0lyTWng",
"clientExtensionResults":{"appID":"example.com"},
"type":"public-key",
"response":{
"authenticatorData":"dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBFXJJiGa3OAAI1vMYKZIsLJfHwVQMANwCOw-atj9C0vhWpfWU-whzNjeQS21Lpxfdk_G-omAtffWztpGoErlNOfuXWRqm9Uj9ANJck1p6lAQIDJiABIVggKAhfsdHcBIc0KPgAcRyAIK_-Vi-nCXHkRHPNaCMBZ-4iWCBxB8fGYQSBONi9uvq0gv95dGWlhJrBwCsj_a4LJQKVHQ",
"clientDataJSON":"eyJjaGFsbGVuZ2UiOiJFNFBUY0lIX0hmWDFwQzZTaWdrMVNDOU5BbGdlenROMDQzOXZpOHpfYzlrIiwibmV3X2tleXNfbWF5X2JlX2FkZGVkX2hlcmUiOiJkbyBub3QgY29tcGFyZSBjbGllbnREYXRhSlNPTiBhZ2FpbnN0IGEgdGVtcGxhdGUuIFNlZSBodHRwczovL2dvby5nbC95YWJQZXgiLCJvcmlnaW4iOiJodHRwczovL3dlYmF1dGhuLmlvIiwidHlwZSI6IndlYmF1dGhuLmdldCJ9",
"signature":"MEUCIBtIVOQxzFYdyWQyxaLR0tik1TnuPhGVhXVSNgFwLmN5AiEAnxXdCq0UeAVGWxOaFcjBZ_mEZoXqNboY5IkQDdlWZYc",
"userHandle":"0ToAAAAAAAAAAA"}
}
`,
`trailingData`: `{
"id":"AI7D5q2P0LS-Fal9ZT7CHM2N5BLbUunF92T8b6iYC199bO2kagSuU05-5dZGqb1SP0A0lyTWng",
"rawId":"AI7D5q2P0LS-Fal9ZT7CHM2N5BLbUunF92T8b6iYC199bO2kagSuU05-5dZGqb1SP0A0lyTWng",
"clientExtensionResults":{"appID":"example.com"},
"type":"public-key",
"response":{
"authenticatorData":"dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBFXJJiGa3OAAI1vMYKZIsLJfHwVQMANwCOw-atj9C0vhWpfWU-whzNjeQS21Lpxfdk_G-omAtffWztpGoErlNOfuXWRqm9Uj9ANJck1p6lAQIDJiABIVggKAhfsdHcBIc0KPgAcRyAIK_-Vi-nCXHkRHPNaCMBZ-4iWCBxB8fGYQSBONi9uvq0gv95dGWlhJrBwCsj_a4LJQKVHQ",
"clientDataJSON":"eyJjaGFsbGVuZ2UiOiJFNFBUY0lIX0hmWDFwQzZTaWdrMVNDOU5BbGdlenROMDQzOXZpOHpfYzlrIiwibmV3X2tleXNfbWF5X2JlX2FkZGVkX2hlcmUiOiJkbyBub3QgY29tcGFyZSBjbGllbnREYXRhSlNPTiBhZ2FpbnN0IGEgdGVtcGxhdGUuIFNlZSBodHRwczovL2dvby5nbC95YWJQZXgiLCJvcmlnaW4iOiJodHRwczovL3dlYmF1dGhuLmlvIiwidHlwZSI6IndlYmF1dGhuLmdldCJ9",
"signature":"MEUCIBtIVOQxzFYdyWQyxaLR0tik1TnuPhGVhXVSNgFwLmN5AiEAnxXdCq0UeAVGWxOaFcjBZ_mEZoXqNboY5IkQDdlWZYc",
"userHandle":"0ToAAAAAAAAAAA"}
}
trailing
`,
}

254
webauthn/attestation.go Normal file
View File

@@ -0,0 +1,254 @@
package webauthn
import (
"context"
"crypto/sha256"
"encoding/json"
"fmt"
"github.com/google/uuid"
"github.com/sonr-io/common/webauthn/metadata"
"github.com/sonr-io/common/webauthn/webauthncbor"
"github.com/sonr-io/common/webauthn/webauthncose"
)
// AuthenticatorAttestationResponse is the initial unpacked 'response' object received by the relying party. This
// contains the clientDataJSON object, which will be marshalled into [CollectedClientData], and the 'attestationObject',
// which contains information about the authenticator, and the newly minted public key credential. The information in
// both objects are used to verify the authenticity of the ceremony and new credential.
//
// See: https://www.w3.org/TR/webauthn/#typedefdef-publickeycredentialjson
type AuthenticatorAttestationResponse struct {
// The byte slice of clientDataJSON, which becomes CollectedClientData
AuthenticatorResponse
Transports []string `json:"transports,omitempty"`
AuthenticatorData URLEncodedBase64 `json:"authenticatorData"`
PublicKey URLEncodedBase64 `json:"publicKey"`
PublicKeyAlgorithm int64 `json:"publicKeyAlgorithm"`
// AttestationObject is the byte slice version of attestationObject.
// This attribute contains an attestation object, which is opaque to, and
// cryptographically protected against tampering by, the client. The
// attestation object contains both authenticator data and an attestation
// statement. The former contains the AAGUID, a unique credential ID, and
// the credential public key. The contents of the attestation statement are
// determined by the attestation statement format used by the authenticator.
// It also contains any additional information that the Relying Party's server
// requires to validate the attestation statement, as well as to decode and
// validate the authenticator data along with the JSON-serialized client data.
AttestationObject URLEncodedBase64 `json:"attestationObject"`
}
// ParsedAttestationResponse is the parsed version of [AuthenticatorAttestationResponse].
type ParsedAttestationResponse struct {
CollectedClientData CollectedClientData
AttestationObject AttestationObject
Transports []AuthenticatorTransport
}
// AttestationObject is the raw attestationObject.
//
// Authenticators SHOULD also provide some form of attestation, if possible. If an authenticator does, the basic
// requirement is that the authenticator can produce, for each credential public key, an attestation statement
// verifiable by the WebAuthn Relying Party. Typically, this attestation statement contains a signature by an
// attestation private key over the attested credential public key and a challenge, as well as a certificate or similar
// data providing provenance information for the attestation public key, enabling the Relying Party to make a trust
// decision. However, if an attestation key pair is not available, then the authenticator MAY either perform self
// attestation of the credential public key with the corresponding credential private key, or otherwise perform no
// attestation. All this information is returned by authenticators any time a new public key credential is generated, in
// the overall form of an attestation object.
//
// Specification: §6.5. Attestation (https://www.w3.org/TR/webauthn/#sctn-attestation)
type AttestationObject struct {
// The authenticator data, including the newly created public key. See [AuthenticatorData] for more info
AuthData AuthenticatorData
// The byteform version of the authenticator data, used in part for signature validation
RawAuthData []byte `json:"authData"`
// The format of the Attestation data.
Format string `json:"fmt"`
// The attestation statement data sent back if attestation is requested.
AttStatement map[string]any `json:"attStmt,omitempty"`
}
// attestationFormatValidationHandler defines the signature for attestation format validation functions.
// Returns attestation type, trust path (x5c), and error.
type attestationFormatValidationHandler func(AttestationObject, []byte, metadata.Provider) (string, []any, error)
// attestationRegistry holds all registered attestation format handlers.
// Formats are automatically registered via init() functions in their respective files.
var attestationRegistry = make(map[AttestationFormat]attestationFormatValidationHandler)
// RegisterAttestationFormat registers an attestation format handler with the library.
// This is called automatically by init() functions for built-in formats:
// - packed: WebAuthn-optimized format (attestation_packed.go)
// - tpm: Trusted Platform Module format (attestation_tpm.go)
// - apple: Apple Anonymous Attestation (attestation_apple.go)
// - android-key: Android hardware attestation (attestation_androidkey.go)
// - android-safetynet: Android SafetyNet (attestation_safetynet.go)
// - fido-u2f: Legacy FIDO U2F format (attestation_u2f.go)
//
// Custom attestation formats can be registered using this function.
func RegisterAttestationFormat(
format AttestationFormat,
handler attestationFormatValidationHandler,
) {
attestationRegistry[format] = handler
}
// Parse the values returned in the authenticator response and perform attestation verification
// Step 8. This returns a fully decoded struct with the data put into a format that can be
// used to verify the user and credential that was created.
func (ccr *AuthenticatorAttestationResponse) Parse() (p *ParsedAttestationResponse, err error) {
p = &ParsedAttestationResponse{}
if err = json.Unmarshal(ccr.ClientDataJSON, &p.CollectedClientData); err != nil {
return nil, ErrParsingData.WithInfo(err.Error()).WithError(err)
}
if err = webauthncbor.Unmarshal(ccr.AttestationObject, &p.AttestationObject); err != nil {
return nil, ErrParsingData.WithInfo(err.Error()).WithError(err)
}
// Step 8. Perform CBOR decoding on the attestationObject field of the AuthenticatorAttestationResponse
// structure to obtain the attestation statement format fmt, the authenticator data authData, and
// the attestation statement attStmt.
if err = p.AttestationObject.AuthData.Unmarshal(p.AttestationObject.RawAuthData); err != nil {
return nil, err
}
if !p.AttestationObject.AuthData.Flags.HasAttestedCredentialData() {
return nil, ErrAttestationFormat.WithInfo(
"Attestation missing attested credential data flag",
)
}
for _, t := range ccr.Transports {
if transport, ok := internalRemappedAuthenticatorTransport[t]; ok {
p.Transports = append(p.Transports, transport)
} else {
p.Transports = append(p.Transports, AuthenticatorTransport(t))
}
}
return p, nil
}
// Verify performs Steps 13 through 19 of registration verification.
//
// Steps 13 through 15 are verified against the auth data. These steps are identical to 15 through 18 for assertion so we
// handle them with AuthData.
func (a *AttestationObject) Verify(
relyingPartyID string,
clientDataHash []byte,
userVerificationRequired bool,
userPresenceRequired bool,
mds metadata.Provider,
credParams []CredentialParameter,
) (err error) {
rpIDHash := sha256.Sum256([]byte(relyingPartyID))
// Begin Step 13 through 15. Verify that the rpIdHash in authData is the SHA-256 hash of the RP ID expected by the RP.
if err = a.AuthData.Verify(rpIDHash[:], nil, userVerificationRequired, userPresenceRequired); err != nil {
return err
}
// Step 16. Verify that the "alg" parameter in the credential public key in
// authData matches the alg attribute of one of the items in options.pubKeyCredParams.
pk := webauthncose.PublicKeyData{}
if err = webauthncbor.Unmarshal(a.AuthData.AttData.CredentialPublicKey, &pk); err != nil {
return err
}
found := false
for _, credParam := range credParams {
if int(pk.Algorithm) == int(credParam.Algorithm) {
found = true
break
}
}
if !found {
return ErrAttestationFormat.WithInfo("Credential public key algorithm not supported")
}
return a.VerifyAttestation(clientDataHash, mds)
}
// VerifyAttestation only verifies the attestation object excluding the AuthData values. If you wish to also verify the
// AuthData values you should use [Verify].
func (a *AttestationObject) VerifyAttestation(
clientDataHash []byte,
mds metadata.Provider,
) (err error) {
// Step 18. Determine the attestation statement format by performing a
// USASCII case-sensitive match on fmt against the set of supported
// WebAuthn Attestation Statement Format Identifier values. The up-to-date
// list of registered WebAuthn Attestation Statement Format Identifier
// values is maintained in the IANA registry of the same name
// [WebAuthn-Registries] (https://www.w3.org/TR/webauthn/#biblio-webauthn-registries).
//
// Since there is not an active registry yet, we'll check it against our internal
// Supported types.
//
// But first let's make sure attestation is present. If it isn't, we don't need to handle
// any of the following steps.
if AttestationFormat(a.Format) == AttestationFormatNone {
if len(a.AttStatement) != 0 {
return ErrAttestationFormat.WithInfo("Attestation format none with attestation present")
}
return nil
}
var (
handler attestationFormatValidationHandler
valid bool
)
if handler, valid = attestationRegistry[AttestationFormat(a.Format)]; !valid {
return ErrAttestationFormat.WithInfo(
fmt.Sprintf("Attestation format %s is unsupported", a.Format),
)
}
var (
aaguid uuid.UUID
attestationType string
x5cs []any
)
// Step 19. Verify that attStmt is a correct attestation statement, conveying a valid attestation signature, by using
// the attestation statement format fmts verification procedure given attStmt, authData and the hash of the serialized
// client data computed in step 7.
if attestationType, x5cs, err = handler(*a, clientDataHash, mds); err != nil {
return err.(*Error).WithInfo(attestationType)
}
if len(a.AuthData.AttData.AAGUID) != 0 {
if aaguid, err = uuid.FromBytes(a.AuthData.AttData.AAGUID); err != nil {
return ErrInvalidAttestation.WithInfo("Error occurred parsing AAGUID during attestation validation").
WithDetails(err.Error()).
WithError(err)
}
}
if mds == nil {
return nil
}
var protoErr *Error
if protoErr = ValidateMetadata(context.Background(), mds, aaguid, attestationType, x5cs); protoErr != nil {
return ErrInvalidAttestation.WithInfo(fmt.Sprintf("Error occurred validating metadata during attestation validation: %+v", protoErr)).
WithDetails(protoErr.DevInfo).
WithError(protoErr)
}
return nil
}

263
webauthn/attestation_androidkey.go Normal file
View File

@@ -0,0 +1,263 @@
package webauthn
import (
"bytes"
"crypto/x509"
"encoding/asn1"
"fmt"
"github.com/sonr-io/common/webauthn/metadata"
"github.com/sonr-io/common/webauthn/webauthncose"
)
func init() {
RegisterAttestationFormat(AttestationFormatAndroidKey, verifyAndroidKeyFormat)
}
// The android-key attestation statement looks like:
// $$attStmtType //= (
//
// fmt: "android-key",
// attStmt: androidStmtFormat
//
// )
//
// androidStmtFormat = {
// alg: COSEAlgorithmIdentifier,
// sig: bytes,
// x5c: [ credCert: bytes, * (caCert: bytes) ]
// }
//
// Specification: §8.4. Android Key Attestation Statement Format (https://www.w3.org/TR/webauthn/#sctn-android-key-attestation)
func verifyAndroidKeyFormat(
att AttestationObject,
clientDataHash []byte,
_ metadata.Provider,
) (string, []any, error) {
// Given the verification procedure inputs attStmt, authenticatorData and clientDataHash, the verification procedure is as follows:
// §8.4.1. Verify that attStmt is valid CBOR conforming to the syntax defined above and perform CBOR decoding on it to extract
// the contained fields.
// Get the alg value - A COSEAlgorithmIdentifier containing the identifier of the algorithm
// used to generate the attestation signature.
alg, present := att.AttStatement[stmtAlgorithm].(int64)
if !present {
return "", nil, ErrAttestationFormat.WithDetails("Error retrieving alg value")
}
// Get the sig value - A byte string containing the attestation signature.
sig, present := att.AttStatement[stmtSignature].([]byte)
if !present {
return "", nil, ErrAttestationFormat.WithDetails("Error retrieving sig value")
}
// If x5c is not present, return an error
x5c, x509present := att.AttStatement[stmtX5C].([]any)
if !x509present {
// Handle Basic Attestation steps for the x509 Certificate
return "", nil, ErrAttestationFormat.WithDetails("Error retrieving x5c value")
}
// §8.4.2. Verify that sig is a valid signature over the concatenation of authenticatorData and clientDataHash
// using the public key in the first certificate in x5c with the algorithm specified in alg.
attCertBytes, valid := x5c[0].([]byte)
if !valid {
return "", nil, ErrAttestation.WithDetails("Error getting certificate from x5c cert chain")
}
signatureData := append(att.RawAuthData, clientDataHash...)
attCert, err := x509.ParseCertificate(attCertBytes)
if err != nil {
return "", nil, ErrAttestationFormat.WithDetails(fmt.Sprintf("Error parsing certificate from ASN.1 data: %+v", err)).
WithError(err)
}
coseAlg := webauthncose.COSEAlgorithmIdentifier(alg)
if err = attCert.CheckSignature(webauthncose.SigAlgFromCOSEAlg(coseAlg), signatureData, sig); err != nil {
return "", nil, ErrInvalidAttestation.WithDetails(fmt.Sprintf("Signature validation error: %+v\n", err)).
WithError(err)
}
// Verify that the public key in the first certificate in x5c matches the credentialPublicKey in the attestedCredentialData in authenticatorData.
pubKey, err := webauthncose.ParsePublicKey(att.AuthData.AttData.CredentialPublicKey)
if err != nil {
return "", nil, ErrInvalidAttestation.WithDetails(fmt.Sprintf("Error parsing public key: %+v\n", err)).
WithError(err)
}
e := pubKey.(webauthncose.EC2PublicKeyData)
valid, err = e.Verify(signatureData, sig)
if err != nil || !valid {
return "", nil, ErrInvalidAttestation.WithDetails(fmt.Sprintf("Error parsing public key: %+v\n", err)).
WithError(err)
}
// §8.4.3. Verify that the attestationChallenge field in the attestation certificate extension data is identical to clientDataHash.
// attCert.Extensions
var attExtBytes []byte
for _, ext := range attCert.Extensions {
if ext.Id.Equal([]int{1, 3, 6, 1, 4, 1, 11129, 2, 1, 17}) {
attExtBytes = ext.Value
}
}
if len(attExtBytes) == 0 {
return "", nil, ErrAttestationFormat.WithDetails(
"Attestation certificate extensions missing 1.3.6.1.4.1.11129.2.1.17",
)
}
// As noted in §8.4.1 (https://www.w3.org/TR/webauthn/#key-attstn-cert-requirements) the Android Key Attestation attestation certificate's
// android key attestation certificate extension data is identified by the OID "1.3.6.1.4.1.11129.2.1.17".
decoded := keyDescription{}
if _, err = asn1.Unmarshal(attExtBytes, &decoded); err != nil {
return "", nil, ErrAttestationFormat.WithDetails("Unable to parse Android key attestation certificate extensions").
WithError(err)
}
// Verify that the attestationChallenge field in the attestation certificate extension data is identical to clientDataHash.
if bytes.Compare(decoded.AttestationChallenge, clientDataHash) != 0 {
return "", nil, ErrAttestationFormat.WithDetails(
"Attestation challenge not equal to clientDataHash",
)
}
// The AuthorizationList.allApplications field is not present on either authorization list (softwareEnforced nor teeEnforced), since PublicKeyCredential MUST be scoped to the RP ID.
if nil != decoded.SoftwareEnforced.AllApplications ||
nil != decoded.TeeEnforced.AllApplications {
return "", nil, ErrAttestationFormat.WithDetails(
"Attestation certificate extensions contains all applications field",
)
}
// For the following, use only the teeEnforced authorization list if the RP wants to accept only keys from a trusted execution environment, otherwise use the union of teeEnforced and softwareEnforced.
// The value in the AuthorizationList.origin field is equal to KM_ORIGIN_GENERATED. (which == 0)
if KM_ORIGIN_GENERATED != decoded.SoftwareEnforced.Origin ||
KM_ORIGIN_GENERATED != decoded.TeeEnforced.Origin {
return "", nil, ErrAttestationFormat.WithDetails(
"Attestation certificate extensions contains authorization list with origin not equal KM_ORIGIN_GENERATED",
)
}
// The value in the AuthorizationList.purpose field is equal to KM_PURPOSE_SIGN. (which == 2)
if !contains(decoded.SoftwareEnforced.Purpose, KM_PURPOSE_SIGN) &&
!contains(decoded.TeeEnforced.Purpose, KM_PURPOSE_SIGN) {
return "", nil, ErrAttestationFormat.WithDetails(
"Attestation certificate extensions contains authorization list with purpose not equal KM_PURPOSE_SIGN",
)
}
return string(metadata.BasicFull), x5c, err
}
func contains(s []int, e int) bool {
for _, a := range s {
if a == e {
return true
}
}
return false
}
type keyDescription struct {
AttestationVersion int
AttestationSecurityLevel asn1.Enumerated
KeymasterVersion int
KeymasterSecurityLevel asn1.Enumerated
AttestationChallenge []byte
UniqueID []byte
SoftwareEnforced authorizationList
TeeEnforced authorizationList
}
type authorizationList struct {
Purpose []int `asn1:"tag:1,explicit,set,optional"`
Algorithm int `asn1:"tag:2,explicit,optional"`
KeySize int `asn1:"tag:3,explicit,optional"`
Digest []int `asn1:"tag:5,explicit,set,optional"`
Padding []int `asn1:"tag:6,explicit,set,optional"`
EcCurve int `asn1:"tag:10,explicit,optional"`
RsaPublicExponent int `asn1:"tag:200,explicit,optional"`
RollbackResistance any `asn1:"tag:303,explicit,optional"`
ActiveDateTime int `asn1:"tag:400,explicit,optional"`
OriginationExpireDateTime int `asn1:"tag:401,explicit,optional"`
UsageExpireDateTime int `asn1:"tag:402,explicit,optional"`
NoAuthRequired any `asn1:"tag:503,explicit,optional"`
UserAuthType int `asn1:"tag:504,explicit,optional"`
AuthTimeout int `asn1:"tag:505,explicit,optional"`
AllowWhileOnBody any `asn1:"tag:506,explicit,optional"`
TrustedUserPresenceRequired any `asn1:"tag:507,explicit,optional"`
TrustedConfirmationRequired any `asn1:"tag:508,explicit,optional"`
UnlockedDeviceRequired any `asn1:"tag:509,explicit,optional"`
AllApplications any `asn1:"tag:600,explicit,optional"`
ApplicationID any `asn1:"tag:601,explicit,optional"`
CreationDateTime int `asn1:"tag:701,explicit,optional"`
Origin int `asn1:"tag:702,explicit,optional"`
RootOfTrust rootOfTrust `asn1:"tag:704,explicit,optional"`
OsVersion int `asn1:"tag:705,explicit,optional"`
OsPatchLevel int `asn1:"tag:706,explicit,optional"`
AttestationApplicationID []byte `asn1:"tag:709,explicit,optional"`
AttestationIDBrand []byte `asn1:"tag:710,explicit,optional"`
AttestationIDDevice []byte `asn1:"tag:711,explicit,optional"`
AttestationIDProduct []byte `asn1:"tag:712,explicit,optional"`
AttestationIDSerial []byte `asn1:"tag:713,explicit,optional"`
AttestationIDImei []byte `asn1:"tag:714,explicit,optional"`
AttestationIDMeid []byte `asn1:"tag:715,explicit,optional"`
AttestationIDManufacturer []byte `asn1:"tag:716,explicit,optional"`
AttestationIDModel []byte `asn1:"tag:717,explicit,optional"`
VendorPatchLevel int `asn1:"tag:718,explicit,optional"`
BootPatchLevel int `asn1:"tag:719,explicit,optional"`
}
type rootOfTrust struct {
verifiedBootKey []byte
deviceLocked bool
verifiedBootState verifiedBootState
verifiedBootHash []byte
}
type verifiedBootState int
const (
Verified verifiedBootState = iota
SelfSigned
Unverified
Failed
)
/**
* The origin of a key (or pair), i.e. where it was generated. Note that KM_TAG_ORIGIN can be found
* in either the hardware-enforced or software-enforced list for a key, indicating whether the key
* is hardware or software-based. Specifically, a key with KM_ORIGIN_GENERATED in the
* hardware-enforced list is guaranteed never to have existed outide the secure hardware.
*/
type KM_KEY_ORIGIN int
const (
KM_ORIGIN_GENERATED = iota /* Generated in keymaster. Should not exist outside the TEE. */
KM_ORIGIN_DERIVED /* Derived inside keymaster. Likely exists off-device. */
KM_ORIGIN_IMPORTED /* Imported into keymaster. Existed as clear text in Android. */
KM_ORIGIN_UNKNOWN /* Keymaster did not record origin. This value can only be seen on
* keys in a keymaster0 implementation. The keymaster0 adapter uses
* this value to document the fact that it is unknown whether the key
* was generated inside or imported into keymaster. */
)
/**
* Possible purposes of a key (or pair).
*/
type KM_PURPOSE int
const (
KM_PURPOSE_ENCRYPT = iota /* Usable with RSA, EC and AES keys. */
KM_PURPOSE_DECRYPT /* Usable with RSA, EC and AES keys. */
KM_PURPOSE_SIGN /* Usable with RSA, EC and HMAC keys. */
KM_PURPOSE_VERIFY /* Usable with RSA, EC and HMAC keys. */
KM_PURPOSE_DERIVE_KEY /* Usable with EC keys. */
KM_PURPOSE_WRAP /* Usable with wrapped keys. */
)

103
webauthn/attestation_androidkey_test.go Normal file
View File

@@ -0,0 +1,103 @@
package webauthn
import (
"crypto/sha256"
"testing"
"github.com/sonr-io/common/webauthn/metadata"
)
func TestVerifyAndroidKeyFormat(t *testing.T) {
type args struct {
att AttestationObject
clientDataHash []byte
}
successAttResponse0 := attestationTestUnpackResponse(
t,
androidKeyTestResponse0["success"],
).Response.AttestationObject
successClientDataHash0 := sha256.Sum256(
attestationTestUnpackResponse(
t,
androidKeyTestResponse0["success"],
).Raw.AttestationResponse.ClientDataJSON,
)
successAttResponse1 := attestationTestUnpackResponse(
t,
androidKeyTestResponse1["success"],
).Response.AttestationObject
successClientDataHash1 := sha256.Sum256(
attestationTestUnpackResponse(
t,
androidKeyTestResponse1["success"],
).Raw.AttestationResponse.ClientDataJSON,
)
tests := []struct {
name string
args args
want string
want1 []any
wantErr bool
}{
{
"success",
args{
successAttResponse0,
successClientDataHash0[:],
},
string(metadata.BasicFull),
nil,
false,
},
{
"success",
args{
successAttResponse1,
successClientDataHash1[:],
},
string(metadata.BasicFull),
nil,
false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, _, err := verifyAndroidKeyFormat(tt.args.att, tt.args.clientDataHash, nil)
if (err != nil) != tt.wantErr {
t.Errorf("verifyAndroidKeyFormat() error = %v, wantErr %v", err, tt.wantErr)
return
}
if got != tt.want {
t.Errorf("verifyAndroidKeyFormat() got = %v, want %v", got, tt.want)
}
})
}
}
var androidKeyTestResponse0 = map[string]string{
`success`: `{
"rawId": "U5cxFNxLbU9-SAi1K7k9atYwXhghkAMbxpL__VPtBlw",
"id": "U5cxFNxLbU9-SAi1K7k9atYwXhghkAMbxpL__VPtBlw",
"response": {
"clientDataJSON": "eyJvcmlnaW4iOiJodHRwczovL2xvY2FsaG9zdDo0NDMyOSIsImNoYWxsZW5nZSI6IjlNNWY3bGp5MVl2UWNzOE9pV1FWQ3ciLCJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIn0",
"attestationObject": "o2NmbXRrYW5kcm9pZC1rZXlnYXR0U3RtdKNjYWxnJmNzaWdYSDBGAiEAlbQ-jtl8o9GtEstcEFH1Z_NlYsTYSn96lilEF17oEsMCIQDza5_axjn2jKZO63RlVf47DDFZbceW9b_tsh1nwOYQbmN4NWOCWQMFMIIDATCCAqegAwIBAgIBATAKBggqhkjOPQQDAjCBzjFFMEMGA1UEAww8RkFLRSBBbmRyb2lkIEtleXN0b3JlIFNvZnR3YXJlIEF0dGVzdGF0aW9uIEludGVybWVkaWF0ZSBGQUtFMTEwLwYJKoZIhvcNAQkBFiJjb25mb3JtYW5jZS10b29sc0BmaWRvYWxsaWFuY2Uub3JnMRYwFAYDVQQKDA1GSURPIEFsbGlhbmNlMQwwCgYDVQQLDANDV0cxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNWTESMBAGA1UEBwwJV2FrZWZpZWxkMCAXDTcwMDIwMTAwMDAwMFoYDzIwOTkwMTMxMjM1OTU5WjApMScwJQYDVQQDDB5GQUtFIEFuZHJvaWQgS2V5c3RvcmUgS2V5IEZBS0UwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQbh-BQBJz7JeQ27dVvu3tyRieiEeXyDYoaWatRdy_D7q3TK96jumKlwIl5ZA2zHmKNLz4K2zsANq1X4tHp8MNZo4IBFjCCARIwCwYDVR0PBAQDAgeAMIHhBgorBgEEAdZ5AgERBIHSMIHPAgECCgEAAgEBCgEABCDc0UoXtU1CwwItW3ne2faKDcFCabFI31BufXEFVK_ENwQAMGm_hT0IAgYBXtPjz6C_hUVZBFcwVTEvMC0EKGNvbS5hbmRyb2lkLmtleXN0b3JlLmFuZHJvaWRrZXlzdG9yZWRlbW8CAQExIgQgdM_LUHSI9SkQhZHHpQWRnzJ3MvvB2ANSauqYAAbS2JgwMqEFMQMCAQKiAwIBA6MEAgIBAKUFMQMCAQSqAwIBAb-DeAMCAQK_hT4DAgEAv4U_AgUAMB8GA1UdIwQYMBaAFFKaGzLgVqrNUQ_vX4A3BovykSMdMAoGCCqGSM49BAMCA0gAMEUCIQDAPV7eQIWfL5BCmj82NszDlQ2IJsOZq_WxidwxD7On_QIgFipplgUF6OHvmHiDdaHJfFweeo60OtCDGDftjQEmF7FZAu4wggLqMIICkaADAgECAgECMAoGCCqGSM49BAMCMIHGMT0wOwYDVQQDDDRGQUtFIEFuZHJvaWQgS2V5c3RvcmUgU29mdHdhcmUgQXR0ZXN0YXRpb24gUm9vdCBGQUtFMTEwLwYJKoZIhvcNAQkBFiJjb25mb3JtYW5jZS10b29sc0BmaWRvYWxsaWFuY2Uub3JnMRYwFAYDVQQKDA1GSURPIEFsbGlhbmNlMQwwCgYDVQQLDANDV0cxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNWTESMBAGA1UEBwwJV2FrZWZpZWxkMB4XDTE4MDUwOTEyMzE0NFoXDTQ1MDkyNDEyMzE0NFowgc4xRTBDBgNVBAMMPEZBS0UgQW5kcm9pZCBLZXlzdG9yZSBTb2Z0d2FyZSBBdHRlc3RhdGlvbiBJbnRlcm1lZGlhdGUgRkFLRTExMC8GCSqGSIb3DQEJARYiY29uZm9ybWFuY2UtdG9vbHNAZmlkb2FsbGlhbmNlLm9yZzEWMBQGA1UECgwNRklETyBBbGxpYW5jZTEMMAoGA1UECwwDQ1dHMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTVkxEjAQBgNVBAcMCVdha2VmaWVsZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKtQYStiTRe7w7UbBEk7BUkLjB-LnbzzebLe3KB8UqHXtg3TIXXcK37dvCbbCNVfhvZxtpTcME2kooqMTgOm9cejZjBkMBIGA1UdEwEB_wQIMAYBAf8CAQAwDgYDVR0PAQH_BAQDAgKEMB0GA1UdDgQWBBSj0qos7w2M8iQC1Ry0YLy_alskFDAfBgNVHSMEGDAWgBRSmhsy4FaqzVEP71-ANwaL8pEjHTAKBggqhkjOPQQDAgNHADBEAiBp3Z6j8YH7Qko5rRoK37nS4zPXhv65RWBV-j3MmXi50gIgPtMPpvcGtVbpFCQqsGbyhxPdkji8ltcYXQVfMhdUpRZoYXV0aERhdGFYpEmWDeWIDoxodDQXD2R2YFuP5K65ooYyx5lc87qDHZdjQQAAAFpVDktUqkdAn5qVGrdsEwExACBTlzEU3EttT35ICLUruT1q1jBeGCGQAxvGkv_9U-0GXKUBAgMmIAEhWCAbh-BQBJz7JeQ27dVvu3tyRieiEeXyDYoaWatRdy_D7iJYIK3TK96jumKlwIl5ZA2zHmKNLz4K2zsANq1X4tHp8MNZ"
},
"type": "public-key"
}`,
}
var androidKeyTestResponse1 = map[string]string{
`success`: `{
"id": "V51GE29tGbhby7sbg1cZ_qL8V8njqEsXpAnwQBobvgw",
"rawId": "V51GE29tGbhby7sbg1cZ_qL8V8njqEsXpAnwQBobvgw",
"response": {
"attestationObject": "o2NmbXRrYW5kcm9pZC1rZXlnYXR0U3RtdKNjYWxnJmNzaWdYRzBFAiAbZhfcF0KSXj5rdEevvnBcC8ZfRQlNl9XYWRTiIGKSHwIhAIerc7jWjOF_lJ71n_GAcaHwDUtPxkjAAdYugnZ4QxkmY3g1Y4JZAxowggMWMIICvaADAgECAgEBMAoGCCqGSM49BAMCMIHkMUUwQwYDVQQDDDxGQUtFIEFuZHJvaWQgS2V5c3RvcmUgU29mdHdhcmUgQXR0ZXN0YXRpb24gSW50ZXJtZWRpYXRlIEZBS0UxMTAvBgkqhkiG9w0BCQEWImNvbmZvcm1hbmNlLXRvb2xzQGZpZG9hbGxpYW5jZS5vcmcxFjAUBgNVBAoMDUZJRE8gQWxsaWFuY2UxIjAgBgNVBAsMGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNWTESMBAGA1UEBwwJV2FrZWZpZWxkMCAXDTcwMDIwMTAwMDAwMFoYDzIwOTkwMTMxMjM1OTU5WjApMScwJQYDVQQDDB5GQUtFIEFuZHJvaWQgS2V5c3RvcmUgS2V5IEZBS0UwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARuowgSu5AoRj8Vi_ZNSFBbGUZJXFG9MkDT6jADlr7tOK9NEgjVX53-ergXpyPaFZrAR9py-xnzfjILn_Kzb8Iqo4IBFjCCARIwCwYDVR0PBAQDAgeAMIHhBgorBgEEAdZ5AgERBIHSMIHPAgECCgEAAgEBCgEABCCfVEl83pSDSerk9I3pcICNTdzc5N3u4jt21cXdzBuJjgQAMGm_hT0IAgYBXtPjz6C_hUVZBFcwVTEvMC0EKGNvbS5hbmRyb2lkLmtleXN0b3JlLmFuZHJvaWRrZXlzdG9yZWRlbW8CAQExIgQgdM_LUHSI9SkQhZHHpQWRnzJ3MvvB2ANSauqYAAbS2JgwMqEFMQMCAQKiAwIBA6MEAgIBAKUFMQMCAQSqAwIBAb-DeAMCAQK_hT4DAgEAv4U_AgUAMB8GA1UdIwQYMBaAFKPSqizvDYzyJALVHLRgvL9qWyQUMAoGCCqGSM49BAMCA0cAMEQCIC7WHb2PyULnjp1M1TVI3Wti_eDhe6sFweuQAdecXtHhAiAS_eZkFsx_VNsrTu3XfZ2D7wIt-vT6nTljfHZ4zqU5xlkDGDCCAxQwggK6oAMCAQICAQIwCgYIKoZIzj0EAwIwgdwxPTA7BgNVBAMMNEZBS0UgQW5kcm9pZCBLZXlzdG9yZSBTb2Z0d2FyZSBBdHRlc3RhdGlvbiBSb290IEZBS0UxMTAvBgkqhkiG9w0BCQEWImNvbmZvcm1hbmNlLXRvb2xzQGZpZG9hbGxpYW5jZS5vcmcxFjAUBgNVBAoMDUZJRE8gQWxsaWFuY2UxIjAgBgNVBAsMGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNWTESMBAGA1UEBwwJV2FrZWZpZWxkMB4XDTE5MDQyNTA1NDkzMloXDTQ2MDkxMDA1NDkzMlowgeQxRTBDBgNVBAMMPEZBS0UgQW5kcm9pZCBLZXlzdG9yZSBTb2Z0d2FyZSBBdHRlc3RhdGlvbiBJbnRlcm1lZGlhdGUgRkFLRTExMC8GCSqGSIb3DQEJARYiY29uZm9ybWFuY2UtdG9vbHNAZmlkb2FsbGlhbmNlLm9yZzEWMBQGA1UECgwNRklETyBBbGxpYW5jZTEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1ZMRIwEAYDVQQHDAlXYWtlZmllbGQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASrUGErYk0Xu8O1GwRJOwVJC4wfi52883my3tygfFKh17YN0yF13Ct-3bwm2wjVX4b2cbaU3DBNpKKKjE4DpvXHo2MwYTAPBgNVHRMBAf8EBTADAQH_MA4GA1UdDwEB_wQEAwIChDAdBgNVHQ4EFgQUo9KqLO8NjPIkAtUctGC8v2pbJBQwHwYDVR0jBBgwFoAUUpobMuBWqs1RD-9fgDcGi_KRIx0wCgYIKoZIzj0EAwIDSAAwRQIhALFvLkAvtHrObTmN8P0-yLIT496P_weSEEbB6vCJWSh9AiBu-UOorCeLcF4WixOG9E5Li2nXe4uM2q6mbKGkll8u-WhhdXRoRGF0YVikPdxHEOnAiLIp26idVjIguzn3Ipr_RlsKZWsa-5qK-KBBAAAAYFUOS1SqR0CfmpUat2wTATEAIFedRhNvbRm4W8u7G4NXGf6i_FfJ46hLF6QJ8EAaG74MpQECAyYgASFYIG6jCBK7kChGPxWL9k1IUFsZRklcUb0yQNPqMAOWvu04Ilggr00SCNVfnf56uBenI9oVmsBH2nL7GfN-Mguf8rNvwio",
"clientDataJSON": "eyJvcmlnaW4iOiJodHRwczovL2Rldi5kb250bmVlZGEucHciLCJjaGFsbGVuZ2UiOiI0YWI3ZGZkMS1hNjk1LTQ3NzctOTg1Zi1hZDI5OTM4MjhlOTkiLCJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIn0"
},
"type": "public-key"
}`,
}

112
webauthn/attestation_apple.go Normal file
View File

@@ -0,0 +1,112 @@
package webauthn
import (
"bytes"
"crypto/sha256"
"crypto/x509"
"encoding/asn1"
"fmt"
"github.com/sonr-io/common/webauthn/metadata"
"github.com/sonr-io/common/webauthn/webauthncose"
)
func init() {
RegisterAttestationFormat(AttestationFormatApple, verifyAppleFormat)
}
// The apple attestation statement looks like:
// $$attStmtType //= (
//
// fmt: "apple",
// attStmt: appleStmtFormat
//
// )
//
// appleStmtFormat = {
// x5c: [ credCert: bytes, * (caCert: bytes) ]
// }
//
// Specification: §8.8. Apple Anonymous Attestation Statement Format (https://www.w3.org/TR/webauthn/#sctn-apple-anonymous-attestation)
func verifyAppleFormat(
att AttestationObject,
clientDataHash []byte,
_ metadata.Provider,
) (string, []any, error) {
// Step 1. Verify that attStmt is valid CBOR conforming to the syntax defined
// above and perform CBOR decoding on it to extract the contained fields.
// If x5c is not present, return an error.
x5c, x509present := att.AttStatement[stmtX5C].([]any)
if !x509present {
// Handle Basic Attestation steps for the x509 Certificate
return "", nil, ErrAttestationFormat.WithDetails("Error retrieving x5c value")
}
credCertBytes, valid := x5c[0].([]byte)
if !valid {
return "", nil, ErrAttestation.WithDetails("Error getting certificate from x5c cert chain")
}
credCert, err := x509.ParseCertificate(credCertBytes)
if err != nil {
return "", nil, ErrAttestationFormat.WithDetails(fmt.Sprintf("Error parsing certificate from ASN.1 data: %+v", err)).
WithError(err)
}
// Step 2. Concatenate authenticatorData and clientDataHash to form nonceToHash.
nonceToHash := append(att.RawAuthData, clientDataHash...)
// Step 3. Perform SHA-256 hash of nonceToHash to produce nonce.
nonce := sha256.Sum256(nonceToHash)
// Step 4. Verify that nonce equals the value of the extension with OID 1.2.840.113635.100.8.2 in credCert.
var attExtBytes []byte
for _, ext := range credCert.Extensions {
if ext.Id.Equal([]int{1, 2, 840, 113635, 100, 8, 2}) {
attExtBytes = ext.Value
}
}
if len(attExtBytes) == 0 {
return "", nil, ErrAttestationFormat.WithDetails(
"Attestation certificate extensions missing 1.2.840.113635.100.8.2",
)
}
decoded := AppleAnonymousAttestation{}
if _, err = asn1.Unmarshal(attExtBytes, &decoded); err != nil {
return "", nil, ErrAttestationFormat.WithDetails("Unable to parse apple attestation certificate extensions").
WithError(err)
}
if !bytes.Equal(decoded.Nonce, nonce[:]) {
return "", nil, ErrInvalidAttestation.WithDetails(
"Attestation certificate does not contain expected nonce",
)
}
// Step 5. Verify that the credential public key equals the Subject Public Key of credCert.
pubKey, err := webauthncose.ParsePublicKey(att.AuthData.AttData.CredentialPublicKey)
if err != nil {
return "", nil, ErrInvalidAttestation.WithDetails(fmt.Sprintf("Error parsing public key: %+v\n", err)).
WithError(err)
}
// Use the centralized verification function in webauthncose
if err := webauthncose.VerifyEC2PublicKeyMatch(pubKey, credCert.PublicKey); err != nil {
return "", nil, ErrInvalidAttestation.WithDetails(
"Certificate public key does not match public key in authData",
).WithError(err)
}
// Step 6. If successful, return implementation-specific values representing attestation type Anonymization CA and attestation trust path x5c.
return string(metadata.AnonCA), x5c, nil
}
// AppleAnonymousAttestation represents the attestation format for Apple, who have not yet published a schema for the
// extension (as of JULY 2021.)
type AppleAnonymousAttestation struct {
Nonce []byte `asn1:"tag:1,explicit"`
}

70
webauthn/attestation_apple_test.go Normal file
View File

@@ -0,0 +1,70 @@
package webauthn
import (
"crypto/sha256"
"testing"
"github.com/sonr-io/common/webauthn/metadata"
)
func Test_verifyAppleFormat(t *testing.T) {
type args struct {
att AttestationObject
clientDataHash []byte
}
successAttResponse := attestationTestUnpackResponse(
t,
appleTestResponse["success"],
).Response.AttestationObject
successClientDataHash := sha256.Sum256(
attestationTestUnpackResponse(
t,
appleTestResponse["success"],
).Raw.AttestationResponse.ClientDataJSON,
)
tests := []struct {
name string
args args
want string
want1 []any
wantErr bool
}{
{
"success",
args{
successAttResponse,
successClientDataHash[:],
},
string(metadata.AnonCA),
nil,
false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, _, err := verifyAppleFormat(tt.args.att, tt.args.clientDataHash, nil)
if (err != nil) != tt.wantErr {
t.Errorf("verifyAppleFormat() error = %v, wantErr %v", err, tt.wantErr)
return
}
if got != tt.want {
t.Errorf("verifyAppleFormat() got = %v, want %v", got, tt.want)
}
})
}
}
var appleTestResponse = map[string]string{
`success`: `{
"rawId": "U5cxFNxLbU9-SAi1K7k9atYwXhghkAMbxpL__VPtBlw",
"id": "U5cxFNxLbU9-SAi1K7k9atYwXhghkAMbxpL__VPtBlw",
"response": {
"clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoia093TXZFMm1RTzZvdTBCMGpqRDBWQSIsIm9yaWdpbiI6Imh0dHBzOi8vNmNjM2M5ZTc5NjdhLm5ncm9rLmlvIn0",
"attestationObject": "o2NmbXRlYXBwbGVnYXR0U3RtdKJjYWxnJmN4NWOCWQJIMIICRDCCAcmgAwIBAgIGAXUCfWGDMAoGCCqGSM49BAMCMEgxHDAaBgNVBAMME0FwcGxlIFdlYkF1dGhuIENBIDExEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwHhcNMjAxMDA3MDk0NjEyWhcNMjAxMDA4MDk1NjEyWjCBkTFJMEcGA1UEAwxANjEyNzZmYzAyZDNmZThkMTZiMzNiNTU0OWQ4MTkyMzZjODE3NDZhODNmMmU5NGE2ZTRiZWUxYzcwZjgxYjViYzEaMBgGA1UECwwRQUFBIENlcnRpZmljYXRpb24xEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR5_lkIu1EpyAk4t1TATSs0DvpmFbmHaYv1naTlPqPm_vsD2qEnDVgE6KthwVqsokNcfb82nXHKFcUjsABKG3W3o1UwUzAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB_wQEAwIE8DAzBgkqhkiG92NkCAIEJjAkoSIEIJxgAhVAs-GYNN_jfsYkRcieGylPeSzka5QTwyMO84aBMAoGCCqGSM49BAMCA2kAMGYCMQDaHBjrI75xAF7SXzyF5zSQB_Lg9PjTdyye-w7stiqy84K6lmo8d3fIptYjLQx81bsCMQCvC8MSN-aewiaU0bMsdxRbdDerCJJj3xJb3KZwloevJ3daCmCcrZrAPYfLp2kDOshZAjgwggI0MIIBuqADAgECAhBWJVOVx6f7QOviKNgmCFO2MAoGCCqGSM49BAMDMEsxHzAdBgNVBAMMFkFwcGxlIFdlYkF1dGhuIFJvb3QgQ0ExEzARBgNVBAoMCkFwcGxlIEluYy4xEzARBgNVBAgMCkNhbGlmb3JuaWEwHhcNMjAwMzE4MTgzODAxWhcNMzAwMzEzMDAwMDAwWjBIMRwwGgYDVQQDDBNBcHBsZSBXZWJBdXRobiBDQSAxMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEgy6HLyYUkYECJbn1_Na7Y3i19V8_ywRbxzWZNHX9VJBE35v-GSEXZcaaHdoFCzjUUINAGkNPsk0RLVbD4c-_y5iR_sBpYIG--Wy8d8iN3a9Gpa7h3VFbWvqrk76cCyaRo2YwZDASBgNVHRMBAf8ECDAGAQH_AgEAMB8GA1UdIwQYMBaAFCbXZNnFeMJaZ9Gn3msS0Btj8cbXMB0GA1UdDgQWBBTrroLE_6GsW1HUzyRhBQC-Y713iDAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDaAAwZQIxAN2LGjSBpfrZ27TnZXuEHhRMJ7dbh2pBhsKxR1dQM3In7-VURX72SJUMYy5cSD5wwQIwLIpgRNwgH8_lm8NNKTDBSHhR2WDtanXx60rKvjjNJbiX0MgFvvDH94sHpXHG6A4HaGF1dGhEYXRhWJhWHo8_bWPQzAMKYRIrGXu__PkMUfuqHM4RH7Jea4WDgkUAAAAAAAAAAAAAAAAAAAAAAAAAAAAUomGfdaNI-cYgWrq2klNk97zkcg-lAQIDJiABIVggef5ZCLtRKcgJOLdUwE0rNA76ZhW5h2mL9Z2k5T6j5v4iWCD7A9qhJw1YBOirYcFarKJDXH2_Np1xyhXFI7AASht1tw"},
"type": "public-key"
}`,
}

312
webauthn/attestation_packed.go Normal file
View File

@@ -0,0 +1,312 @@
package webauthn
import (
"bytes"
"crypto/x509"
"encoding/asn1"
"fmt"
"strings"
"time"
"github.com/biter777/countries"
"github.com/sonr-io/common/webauthn/metadata"
"github.com/sonr-io/common/webauthn/webauthncose"
)
func init() {
RegisterAttestationFormat(AttestationFormatPacked, verifyPackedFormat)
}
// The packed attestation statement looks like:
//
// packedStmtFormat = {
// alg: COSEAlgorithmIdentifier,
// sig: bytes,
// x5c: [ attestnCert: bytes, * (caCert: bytes) ]
// } OR
// {
// alg: COSEAlgorithmIdentifier, (-260 for ED256 / -261 for ED512)
// sig: bytes,
// ecdaaKeyId: bytes
// } OR
// {
// alg: COSEAlgorithmIdentifier
// sig: bytes,
// }
//
// Specification: §8.2. Packed Attestation Statement Format (https://www.w3.org/TR/webauthn/#sctn-packed-attestation)
func verifyPackedFormat(
att AttestationObject,
clientDataHash []byte,
_ metadata.Provider,
) (string, []any, error) {
// Step 1. Verify that attStmt is valid CBOR conforming to the syntax defined
// above and perform CBOR decoding on it to extract the contained fields.
// Get the alg value - A COSEAlgorithmIdentifier containing the identifier of the algorithm
// used to generate the attestation signature.
alg, present := att.AttStatement[stmtAlgorithm].(int64)
if !present {
return string(
AttestationFormatPacked,
), nil, ErrAttestationFormat.WithDetails(
"Error retrieving alg value",
)
}
// Get the sig value - A byte string containing the attestation signature.
sig, present := att.AttStatement[stmtSignature].([]byte)
if !present {
return string(
AttestationFormatPacked,
), nil, ErrAttestationFormat.WithDetails(
"Error retrieving sig value",
)
}
// Step 2. If x5c is present, this indicates that the attestation type is not ECDAA.
x5c, x509present := att.AttStatement[stmtX5C].([]any)
if x509present {
// Handle Basic Attestation steps for the x509 Certificate
return handleBasicAttestation(
sig,
clientDataHash,
att.RawAuthData,
att.AuthData.AttData.AAGUID,
alg,
x5c,
)
}
// Step 3. If ecdaaKeyId is present, then the attestation type is ECDAA.
// Also make sure the we did not have an x509 then
ecdaaKeyID, ecdaaKeyPresent := att.AttStatement[stmtECDAAKID].([]byte)
if ecdaaKeyPresent {
// Handle ECDAA Attestation steps for the x509 Certificate
return handleECDAAAttestation(sig, clientDataHash, ecdaaKeyID)
}
// Step 4. If neither x5c nor ecdaaKeyId is present, self attestation is in use.
return handleSelfAttestation(
alg,
att.AuthData.AttData.CredentialPublicKey,
att.RawAuthData,
clientDataHash,
sig,
)
}
// Handle the attestation steps laid out in
func handleBasicAttestation(
signature, clientDataHash, authData, aaguid []byte,
alg int64,
x5c []any,
) (string, []any, error) {
// Step 2.1. Verify that sig is a valid signature over the concatenation of authenticatorData
// and clientDataHash using the attestation public key in attestnCert with the algorithm specified in alg.
for _, c := range x5c {
cb, cv := c.([]byte)
if !cv {
return "", x5c, ErrAttestation.WithDetails(
"Error getting certificate from x5c cert chain",
)
}
ct, err := x509.ParseCertificate(cb)
if err != nil {
return "", x5c, ErrAttestationFormat.WithDetails(fmt.Sprintf("Error parsing certificate from ASN.1 data: %+v", err)).
WithError(err)
}
if ct.NotBefore.After(time.Now()) || ct.NotAfter.Before(time.Now()) {
return "", x5c, ErrAttestationFormat.WithDetails("Cert in chain not time valid")
}
}
attCertBytes, valid := x5c[0].([]byte)
if !valid {
return "", x5c, ErrAttestation.WithDetails("Error getting certificate from x5c cert chain")
}
signatureData := append(authData, clientDataHash...)
attCert, err := x509.ParseCertificate(attCertBytes)
if err != nil {
return "", x5c, ErrAttestationFormat.WithDetails(fmt.Sprintf("Error parsing certificate from ASN.1 data: %+v", err)).
WithError(err)
}
coseAlg := webauthncose.COSEAlgorithmIdentifier(alg)
if err = attCert.CheckSignature(webauthncose.SigAlgFromCOSEAlg(coseAlg), signatureData, signature); err != nil {
return "", x5c, ErrInvalidAttestation.WithDetails(fmt.Sprintf("Signature validation error: %+v\n", err)).
WithError(err)
}
// Step 2.2 Verify that attestnCert meets the requirements in §8.2.1 Packed attestation statement certificate requirements.
// §8.2.1 can be found here https://www.w3.org/TR/webauthn/#packed-attestation-cert-requirements
// Step 2.2.1 (from §8.2.1) Version MUST be set to 3 (which is indicated by an ASN.1 INTEGER with value 2).
if attCert.Version != 3 {
return "", x5c, ErrAttestationCertificate.WithDetails(
"Attestation Certificate is incorrect version",
)
}
// Step 2.2.2 (from §8.2.1) Subject field MUST be set to:
// Subject-C
// ISO 3166 code specifying the country where the Authenticator vendor is incorporated (PrintableString)
// Validate country code using ISO 3166 library
subjectString := strings.Join(attCert.Subject.Country, "")
if subjectString == "" {
return "", x5c, ErrAttestationCertificate.WithDetails(
"Attestation Certificate Country Code is empty",
)
}
// Validate that the country code is a valid ISO 3166 code
// ByName supports Alpha-2, Alpha-3, and full country names (case-insensitive)
country := countries.ByName(subjectString)
if country == countries.Unknown {
return "", x5c, ErrAttestationCertificate.WithDetails(
fmt.Sprintf(
"Attestation Certificate Country Code '%s' is not a valid ISO 3166 code",
subjectString,
),
)
}
// Subject-O
// Legal name of the Authenticator vendor (UTF8String)
subjectString = strings.Join(attCert.Subject.Organization, "")
if subjectString == "" {
return "", x5c, ErrAttestationCertificate.WithDetails(
"Attestation Certificate Organization is invalid",
)
}
// Subject-OU
// Literal string "Authenticator Attestation" (UTF8String)
subjectString = strings.Join(attCert.Subject.OrganizationalUnit, " ")
if subjectString != "Authenticator Attestation" {
return "", x5c, ErrAttestationCertificate.WithDetails(
"Attestation Certificate OrganizationalUnit must be 'Authenticator Attestation'",
)
}
// Subject-CN
// A UTF8String of the vendor's choosing
subjectString = attCert.Subject.CommonName
if subjectString == "" {
return "", x5c, ErrAttestationCertificate.WithDetails(
"Attestation Certificate Common Name not set",
)
}
// Step 2.2.3 (from §8.2.1) If the related attestation root certificate is used for multiple authenticator models,
// the Extension OID 1.3.6.1.4.1.45724.1.1.4 (id-fido-gen-ce-aaguid) MUST be present, containing the
// AAGUID as a 16-byte OCTET STRING. The extension MUST NOT be marked as critical.
idFido := asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 45724, 1, 1, 4}
var foundAAGUID []byte
for _, extension := range attCert.Extensions {
if extension.Id.Equal(idFido) {
if extension.Critical {
return "", x5c, ErrInvalidAttestation.WithDetails(
"Attestation certificate FIDO extension marked as critical",
)
}
foundAAGUID = extension.Value
}
}
// We validate the AAGUID as mentioned above
// This is not well defined in§8.2.1 but mentioned in step 2.3: we validate the AAGUID if it is present within the certificate
// and make sure it matches the auth data AAGUID
// Note that an X.509 Extension encodes the DER-encoding of the value in an OCTET STRING. Thus, the
// AAGUID MUST be wrapped in two OCTET STRINGS to be valid.
if len(foundAAGUID) > 0 {
unMarshalledAAGUID := []byte{}
asn1.Unmarshal(foundAAGUID, &unMarshalledAAGUID)
if !bytes.Equal(aaguid, unMarshalledAAGUID) {
return "", x5c, ErrInvalidAttestation.WithDetails(
"Certificate AAGUID does not match Auth Data certificate",
)
}
}
// Step 2.2.4 The Basic Constraints extension MUST have the CA component set to false.
if attCert.IsCA {
return "", x5c, ErrInvalidAttestation.WithDetails(
"Attestation certificate's Basic Constraints marked as CA",
)
}
// Note for 2.2.5 An Authority Information Access (AIA) extension with entry id-ad-ocsp and a CRL
// Distribution Point extension [RFC5280](https://www.w3.org/TR/webauthn/#biblio-rfc5280) are
// both OPTIONAL as the status of many attestation certificates is available through authenticator
// metadata services. See, for example, the FIDO Metadata Service
// [FIDOMetadataService] (https://www.w3.org/TR/webauthn/#biblio-fidometadataservice)
// Step 2.4 If successful, return attestation type Basic and attestation trust path x5c.
// We don't handle trust paths yet but we're done
return string(metadata.BasicFull), x5c, nil
}
func handleECDAAAttestation(signature, clientDataHash, ecdaaKeyID []byte) (string, []any, error) {
return "Packed (ECDAA)", nil, ErrNotSpecImplemented
}
func handleSelfAttestation(
alg int64,
pubKey, authData, clientDataHash, signature []byte,
) (string, []any, error) {
verificationData := append(authData, clientDataHash...)
key, err := webauthncose.ParsePublicKey(pubKey)
if err != nil {
return "", nil, ErrAttestationFormat.WithDetails(
fmt.Sprintf("Error parsing the public key: %+v\n", err),
)
}
// §4.1 Validate that alg matches the algorithm of the credentialPublicKey in authenticatorData.
switch k := key.(type) {
case webauthncose.OKPPublicKeyData:
err = verifyKeyAlgorithm(k.Algorithm, alg)
case webauthncose.EC2PublicKeyData:
err = verifyKeyAlgorithm(k.Algorithm, alg)
case webauthncose.RSAPublicKeyData:
err = verifyKeyAlgorithm(k.Algorithm, alg)
default:
return "", nil, ErrInvalidAttestation.WithDetails("Error verifying the public key data")
}
if err != nil {
return "", nil, ErrInvalidAttestation.WithDetails("Failed to verify signature").
WithError(err)
}
// §4.2 Verify that sig is a valid signature over the concatenation of authenticatorData and
// clientDataHash using the credential public key with alg.
valid, err := webauthncose.VerifySignature(key, verificationData, signature)
if !valid && err == nil {
return "", nil, ErrInvalidAttestation.WithDetails("Unable to verify signature")
}
return string(metadata.BasicSurrogate), nil, err
}
func verifyKeyAlgorithm(keyAlgorithm, attestedAlgorithm int64) error {
if keyAlgorithm != attestedAlgorithm {
return ErrInvalidAttestation.WithDetails(
"Public key algorithm does not equal att statement algorithm",
)
}
return nil
}

135
webauthn/attestation_packed_test.go Normal file
View File

@@ -0,0 +1,135 @@
package webauthn
import (
"crypto/sha256"
"testing"
"github.com/sonr-io/common/webauthn/metadata"
)
func Test_verifyPackedFormat(t *testing.T) {
type args struct {
att AttestationObject
clientDataHash []byte
}
successAttResponseES256 := attestationTestUnpackResponse(
t,
packedTestResponseES256["success"],
).Response.AttestationObject
successClientDataHashES256 := sha256.Sum256(
attestationTestUnpackResponse(
t,
packedTestResponseES256["success"],
).Raw.AttestationResponse.ClientDataJSON,
)
successAttResponseES512 := attestationTestUnpackResponse(
t,
packedTestResponseES512["success"],
).Response.AttestationObject
successClientDataHashES512 := sha256.Sum256(
attestationTestUnpackResponse(
t,
packedTestResponseES512["success"],
).Raw.AttestationResponse.ClientDataJSON,
)
successAttResponseSolo2 := attestationTestUnpackResponse(
t,
packedTestResponseSolo2["success"],
).Response.AttestationObject
successClientDataHashSolo2 := sha256.Sum256(
attestationTestUnpackResponse(
t,
packedTestResponseSolo2["success"],
).Raw.AttestationResponse.ClientDataJSON,
)
tests := []struct {
name string
args args
want string
want1 []any
wantErr bool
}{
{
"success",
args{
successAttResponseES256,
successClientDataHashES256[:],
},
string(metadata.BasicFull),
nil,
false,
},
{
"success 512",
args{
successAttResponseES512,
successClientDataHashES512[:],
},
string(metadata.BasicSurrogate),
nil,
false,
},
{
"success Solo2",
args{
successAttResponseSolo2,
successClientDataHashSolo2[:],
},
string(metadata.BasicFull),
nil,
false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, _, err := verifyPackedFormat(tt.args.att, tt.args.clientDataHash, nil)
if (err != nil) != tt.wantErr {
t.Errorf("verifyPackedFormat() error = %v, wantErr %v", err, tt.wantErr)
return
}
if got != tt.want {
t.Errorf("verifyPackedFormat() got = %v, want %v", got, tt.want)
}
})
}
}
var packedTestResponseES256 = map[string]string{
`success`: `{
"rawId": "hUf7WI3IZmoLOzYhHFe7U-df4QD17lQBMi9iS-z3dWFlr79MXOoTR8dJzb_Y7sAstHBrcC1nv8pOr6aFz50K65juYXWt8k26bKu-Hu4CulPo53bIStJ4kpOr2Dlr6Z4D",
"id": "hUf7WI3IZmoLOzYhHFe7U-df4QD17lQBMi9iS-z3dWFlr79MXOoTR8dJzb_Y7sAstHBrcC1nv8pOr6aFz50K65juYXWt8k26bKu-Hu4CulPo53bIStJ4kpOr2Dlr6Z4D",
"response": {
"clientDataJSON": "ew0KCSJ0eXBlIiA6ICJ3ZWJhdXRobi5jcmVhdGUiLA0KCSJjaGFsbGVuZ2UiIDogIlBfSktRaWQxdHZzNEJsdGlaMUNzRWZYbDNHWjBJcG1MUFVRRmxZLW8weDlzZ3ZDS3lXNXpQUkpjTzc3M2VpOE93WEN5Rjl1Wk42X3B5elhOT0FKUjdBIiwNCgkib3JpZ2luIiA6ICJodHRwczovL2xvY2FsaG9zdDo0NDMyOSIsDQoJInRva2VuQmluZGluZyIgOiANCgl7DQoJCSJzdGF0dXMiIDogInN1cHBvcnRlZCINCgl9DQp9",
"attestationObject": "o2NmbXRmcGFja2VkaGF1dGhEYXRhWORJlg3liA6MaHQ0Fw9kdmBbj-SuuaKGMseZXPO6gx2XY0UAAChiQjgyRUQ3M0M4RkI0RTVBMgBghUf7WI3IZmoLOzYhHFe7U-df4QD17lQBMi9iS-z3dWFlr79MXOoTR8dJzb_Y7sAstHBrcC1nv8pOr6aFz50K65juYXWt8k26bKu-Hu4CulPo53bIStJ4kpOr2Dlr6Z4DpQECAyYgASFYIA9RHvpjfWoWN_Im7eYwG1Y8kA77s7QH9uf9TePknT3mIlggJ8tNsMrPPrewstqf65ItALMxBIi4VUoTIZEyAkXN6U1nYXR0U3RtdKNjYWxnJmNzaWdYRzBFAiBsbcx3U1xgYinrnczLOUDOlYGvYENDGzv77WdM1W3FTQIhAJ16HUK8XyG83cOVQFKkijdgHyDV97XylRMU_rWHAkP_Y3g1Y4NZAkUwggJBMIIB6KADAgECAhAVn3vCzYkY8Shrk0j6nzPiMAoGCCqGSM49BAMCMEkxCzAJBgNVBAYTAkNOMR0wGwYDVQQKDBRGZWl0aWFuIFRlY2hub2xvZ2llczEbMBkGA1UEAwwSRmVpdGlhbiBGSURPMiBDQS0xMCAXDTE4MDQxMTAwMDAwMFoYDzIwMzMwNDEwMjM1OTU5WjBvMQswCQYDVQQGEwJDTjEdMBsGA1UECgwURmVpdGlhbiBUZWNobm9sb2dpZXMxIjAgBgNVBAsMGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24xHTAbBgNVBAMMFEZUIEJpb1Bhc3MgRklETzIgVVNCMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgAZ1XFn7yUmwFajSCpJYl76DCrLv6Cz4j-2gkJZj5UjHHxEnBTO0JEZ4nUz-4QFDipTpgz3iACwvKh3Xb03bXaOBiTCBhjAdBgNVHQ4EFgQUelSCQoBi2Irnr4SYJcSvkak0mPIwHwYDVR0jBBgwFoAUTTvYxGcVG7sT6POE2DBPnWkVwIMwDAYDVR0TAQH_BAIwADATBgsrBgEEAYLlHAIBAQQEAwIFIDAhBgsrBgEEAYLlHAEBBAQSBBBCODJFRDczQzhGQjRFNUEyMAoGCCqGSM49BAMCA0cAMEQCICRLRaO-iNy34CWixqMSz_uG7bwnSiLBBS4xSFHw6LCHAiA0Gr9OHCTyCxpz1T2swqn5FbQbsjprAW8f7_jg5_iQwFkB_zCCAfswggGgoAMCAQICEBWfe8LNiRjxKGuTSPqfM-EwCgYIKoZIzj0EAwIwSzELMAkGA1UEBhMCQ04xHTAbBgNVBAoMFEZlaXRpYW4gVGVjaG5vbG9naWVzMR0wGwYDVQQDDBRGZWl0aWFuIEZJRE8gUm9vdCBDQTAgFw0xODA0MTAwMDAwMDBaGA8yMDM4MDQwOTIzNTk1OVowSTELMAkGA1UEBhMCQ04xHTAbBgNVBAoMFEZlaXRpYW4gVGVjaG5vbG9naWVzMRswGQYDVQQDDBJGZWl0aWFuIEZJRE8yIENBLTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASOfmAJ7MEWZcyg-sPpb-UIO5VtVyUR61sy9NZnOVfdZ9i2FzUd_0u5gOYLqbkzuZo0MPMX6iETB1a9agd03nWPo2YwZDAdBgNVHQ4EFgQUTTvYxGcVG7sT6POE2DBPnWkVwIMwHwYDVR0jBBgwFoAU0aGYTYF_w7lr9gdnvVAS_pBF8VQwEgYDVR0TAQH_BAgwBgEB_wIBADAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwIDSQAwRgIhAPt_o9JAR6ERUMJ4Vm0hzJAWmOyhf087SDRTecpg5MJlAiEA6wpDwYjB172IPpEkYFbCsLlbWKJ0bwufPKkcKS0rWexZAdwwggHYMIIBfqADAgECAhAVn3vCzYkY8Shrk0j6nzPWMAoGCCqGSM49BAMCMEsxCzAJBgNVBAYTAkNOMR0wGwYDVQQKDBRGZWl0aWFuIFRlY2hub2xvZ2llczEdMBsGA1UEAwwURmVpdGlhbiBGSURPIFJvb3QgQ0EwIBcNMTgwNDAxMDAwMDAwWhgPMjA0ODAzMzEyMzU5NTlaMEsxCzAJBgNVBAYTAkNOMR0wGwYDVQQKDBRGZWl0aWFuIFRlY2hub2xvZ2llczEdMBsGA1UEAwwURmVpdGlhbiBGSURPIFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASd8ApuO8xfUTLVvqT5ZBB01Uy30mAZbInc-8zgFIrlepN-j77SgCP_i2fDIgvQcUFH1K36S2OpJcN-OJcC6uzzo0IwQDAdBgNVHQ4EFgQU0aGYTYF_w7lr9gdnvVAS_pBF8VQwDwYDVR0TAQH_BAUwAwEB_zAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwIDSAAwRQIhALexPWUGMZ4X7EpOnNXUphTZyRqFN3iYsnLNg6Foe_iKAiAPYliR_IflDgGmjyuug7Qi3uhiMXaSDL95JndT0aVqrA"
},
"type": "public-key"
}`,
}
var packedTestResponseES512 = map[string]string{
`success`: `{
"rawId": "6YIJExgLDzTvfys9WgQlIGTL1L9Ys9bhaaA1Pr-OAPc",
"id": "6YIJExgLDzTvfys9WgQlIGTL1L9Ys9bhaaA1Pr-OAPc",
"response": {
"clientDataJSON": "eyJvcmlnaW4iOiJodHRwczovL2xvY2FsaG9zdDo0NDMyOSIsImNoYWxsZW5nZSI6IlFQQS1GckNTd2ctcUhoell2UklkbkEiLCJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIn0",
"attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZzgjY3NpZ1iKMIGHAkE9Vr0j3zGzH6_YASuNse-D4bIDPU4ralNkJqgbCyv_tPNdt27VKaPDnK3WKWgv1qna04qMA7yukZeOPods8arRVQJCAZibACvAfmwBNT4cvR32MNvgGienLXmi2q8MwytcGrtOMnyhnxgco0pOFH7eWHXzn64mVqdSD-wPRTIfJ3McBxW0aGF1dGhEYXRhWOlJlg3liA6MaHQ0Fw9kdmBbj-SuuaKGMseZXPO6gx2XY0EAAABmI4irjYkVQUaTutQ-Zx0lOAAg6YIJExgLDzTvfys9WgQlIGTL1L9Ys9bhaaA1Pr-OAPelAQIDOCMgAyFYQgGzEwyupDz8u1IHtClxewg8CYWBRqD6_SufCj6-LevV57awHyeFGbyfS78ZB4e_I7RmndDI-jO24T3WZ1JMoE1mMCJYQgCpx32yAvYCfKWILgd5aLYuE5L8lEWuN5lhzGwNXoi6pj0JcQR60yCzI8HPlESzEvpqtCNBqF99eD2JETVIqkiwvQ"
},
"type": "public-key"
}`,
}
var packedTestResponseSolo2 = map[string]string{
`success`: `{
"id":"owBY6F5857tda9Pg5iFNCg6ksHpGOYhrNqIn46pkvhEMKIgNGcKS-vDGAUEroq0-VHnl1LhzQkPRQmYBTHjGcpLKZKSLa2m2ANI-91HjXzoJd_zFOiEnu7CDwQTff9KZ6uPlx7kUK-JJOHar-IyRKcNhc_kOJ2ezglmj1JYuIJLoDEyXlKkkviFdwk1vbWLnO3p_oWROUeIgH_S4CLVLPIJXkPe0YvMgp3ESs9CsrN6kvMTysVRIt_h5KUqpZo0TKCL96zwFk1X_2PwCLKWmOxVL35lJfUKOHG9rc3bmKlqZR6aOgZjerY6BpU8BTJkAqfOvdVlqFeEcywJQgveR7FOvnVtoqzd5oaEwjA",
"rawId":"owBY6F5857tda9Pg5iFNCg6ksHpGOYhrNqIn46pkvhEMKIgNGcKS-vDGAUEroq0-VHnl1LhzQkPRQmYBTHjGcpLKZKSLa2m2ANI-91HjXzoJd_zFOiEnu7CDwQTff9KZ6uPlx7kUK-JJOHar-IyRKcNhc_kOJ2ezglmj1JYuIJLoDEyXlKkkviFdwk1vbWLnO3p_oWROUeIgH_S4CLVLPIJXkPe0YvMgp3ESs9CsrN6kvMTysVRIt_h5KUqpZo0TKCL96zwFk1X_2PwCLKWmOxVL35lJfUKOHG9rc3bmKlqZR6aOgZjerY6BpU8BTJkAqfOvdVlqFeEcywJQgveR7FOvnVtoqzd5oaEwjA",
"response":{
"attestationObject":"o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEgwRgIhAIXRMqmC2_bHTkKUwOvLvmAikuQPCk__9clILwjhOz3VAiEApJXTrN4WMiPwFXqTIh0oI8AZBm3vs-y_UotbQFSnX99jeDVjgVkCqzCCAqcwggJMoAMCAQICFGqj6W3EVhRWQJPun0qqCMyTlnqKMAoGCCqGSM49BAMCMC0xETAPBgNVBAoMCFNvbG9LZXlzMQswCQYDVQQGEwJDSDELMAkGA1UEAwwCRjEwIBcNMjEwNTIzMDA1MjA2WhgPMjA3MTA1MTEwMDUyMDZaMIGDMQswCQYDVQQGEwJVUzERMA8GA1UECgwIU29sb0tleXMxIjAgBgNVBAsMGUF1dGhlbnRpY2F0b3IgQXR0ZXN0YXRpb24xPTA7BgNVBAMMNFNvbG8gMiBORkMrVVNCLUMgMjM2OUQ0RDAxM0NFNDhDQjlGMjZGN0VEOEM5QTYwNjggQjIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS6N5V2fT-agh34bRiW--Wl6CQPSsnLqqSEID0t5RRKjjl1NDI__mzuyYuOrWyb5yzGZRHgnHq65cm2ROpxo6AOo4HwMIHtMB0GA1UdDgQWBBQ6CEDC5W8_zAMOhVgV8wHJI8n3bzAfBgNVHSMEGDAWgBRBa7ZL76IZDeRiX_0pBJa5gim0-DAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly9pLnMycGtpLm5ldC9mMS8wJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL2MuczJwa2kubmV0L3IxLzAhBgsrBgEEAYLlHAEBBAQSBBAjadTQE85Iy58m9-2MmmBoMBMGCysGAQQBguUcAgEBBAQDAgQwMAoGCCqGSM49BAMCA0kAMEYCIQCP82Rolr0U2FvOJq53AZYcA6xfC4-cNDczvf0FtU1SQAIhAIvb21Z3D8RCvwk2-Ryn4wpsGnn2vma6Bw3E1f48hyVwaGF1dGhEYXRhWQFtarm78N-aFvkduzO7sTL6-dF8eCxIJsbscOzuWNl-9SpBAAAAJyNp1NATzkjLnyb37YyaYGgBDKMAWOhefOe7XWvT4OYhTQoOpLB6RjmIazaiJ-OqZL4RDCiIDRnCkvrwxgFBK6KtPlR55dS4c0JD0UJmAUx4xnKSymSki2tptgDSPvdR4186CXf8xTohJ7uwg8EE33_Smerj5ce5FCviSTh2q_iMkSnDYXP5Didns4JZo9SWLiCS6AxMl5SpJL4hXcJNb21i5zt6f6FkTlHiIB_0uAi1SzyCV5D3tGLzIKdxErPQrKzepLzE8rFUSLf4eSlKqWaNEygi_es8BZNV_9j8AiylpjsVS9-ZSX1Cjhxva3N25ipamUemjoGY3q2OgaVPAUyZAKnzr3VZahXhHMsCUIL3kexTr51baKs3eaGhMIykAQEDJyAGIVggjz9UkJ7cKooE3blSuzlqxkdLppMuFl3CIiST8odWS6k",
"clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiQ1dieENUMEc0TDJ5T1JwQkw2U1dWaWd3ZTJrUUVYQmhvNUw2d0U0Ny1FcyIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG4uZmlyc3R5ZWFyLmlkLmF1IiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQ"
},
"type":"public-key"
}`,
}

181
webauthn/attestation_safetynet.go Normal file
View File

@@ -0,0 +1,181 @@
package webauthn
import (
"bytes"
"context"
"crypto/sha256"
"crypto/x509"
"encoding/base64"
"fmt"
"time"
"github.com/golang-jwt/jwt/v5"
"github.com/mitchellh/mapstructure"
"github.com/sonr-io/common/webauthn/metadata"
)
// Supported SafetyNet API versions
// These versions have been tested and are known to work with the attestation format
var supportedSafetyNetVersions = map[string]bool{
"12799383": true, // Legacy version
"13799434": true, // Current stable version
"14799434": true, // Latest version
"15180037": true, // Test version from Android Chrome
"15396000": true, // 2022 release
"16000000": true, // 2023 release
"17000000": true, // 2024 release
"SNAPSHOT": true, // Development version for testing
}
func init() {
RegisterAttestationFormat(AttestationFormatAndroidSafetyNet, verifySafetyNetFormat)
}
type SafetyNetResponse struct {
Nonce string `json:"nonce"`
TimestampMs int64 `json:"timestampMs"`
ApkPackageName string `json:"apkPackageName"`
ApkDigestSha256 string `json:"apkDigestSha256"`
CtsProfileMatch bool `json:"ctsProfileMatch"`
ApkCertificateDigestSha256 []any `json:"apkCertificateDigestSha256"`
BasicIntegrity bool `json:"basicIntegrity"`
}
// Thanks to @koesie10 and @herrjemand for outlining how to support this type really well
// When the authenticator in question is a platform-provided Authenticator on certain Android platforms, the attestation
// statement is based on the SafetyNet API. In this case the authenticator data is completely controlled by the caller of
// the SafetyNet API (typically an application running on the Android platform) and the attestation statement only provides
//
// some statements about the health of the platform and the identity of the calling application. This attestation does not
//
// provide information regarding provenance of the authenticator and its associated data. Therefore platform-provided
// authenticators SHOULD make use of the Android Key Attestation when available, even if the SafetyNet API is also present.
//
// Specification: §8.5. Android SafetyNet Attestation Statement Format (https://www.w3.org/TR/webauthn/#sctn-android-safetynet-attestation)
func verifySafetyNetFormat(
att AttestationObject,
clientDataHash []byte,
mds metadata.Provider,
) (string, []any, error) {
// The syntax of an Android Attestation statement is defined as follows:
// $$attStmtType //= (
// fmt: "android-safetynet",
// attStmt: safetynetStmtFormat
// )
// safetynetStmtFormat = {
// ver: text,
// response: bytes
// }
// §8.5.1 Verify that attStmt is valid CBOR conforming to the syntax defined above and perform CBOR decoding on it to extract
// the contained fields.
// We have done this
// §8.5.2 Verify that response is a valid SafetyNet response of version ver.
version, present := att.AttStatement[stmtVersion].(string)
if !present {
return "", nil, ErrAttestationFormat.WithDetails("Unable to find the version of SafetyNet")
}
if version == "" {
return "", nil, ErrAttestationFormat.WithDetails("Not a proper version for SafetyNet")
}
// Validate that the SafetyNet version is supported
if !supportedSafetyNetVersions[version] {
return "", nil, ErrAttestationFormat.WithDetails(
fmt.Sprintf("Unsupported SafetyNet version: %s", version),
)
}
response, present := att.AttStatement["response"].([]byte)
if !present {
return "", nil, ErrAttestationFormat.WithDetails("Unable to find the SafetyNet response")
}
token, err := jwt.Parse(string(response), func(token *jwt.Token) (any, error) {
chain := token.Header[stmtX5C].([]any)
o := make([]byte, base64.StdEncoding.DecodedLen(len(chain[0].(string))))
n, err := base64.StdEncoding.Decode(o, []byte(chain[0].(string)))
if err != nil {
return nil, err
}
cert, err := x509.ParseCertificate(o[:n])
return cert.PublicKey, err
})
if err != nil {
return "", nil, ErrInvalidAttestation.WithDetails(fmt.Sprintf("Error finding cert issued to correct hostname: %+v", err)).
WithError(err)
}
// marshall the JWT payload into the safetynet response json
var safetyNetResponse SafetyNetResponse
if err = mapstructure.Decode(token.Claims, &safetyNetResponse); err != nil {
return "", nil, ErrAttestationFormat.WithDetails(fmt.Sprintf("Error parsing the SafetyNet response: %+v", err)).
WithError(err)
}
// §8.5.3 Verify that the nonce in the response is identical to the Base64 encoding of the SHA-256 hash of the concatenation
// of authenticatorData and clientDataHash.
nonceBuffer := sha256.Sum256(append(att.RawAuthData, clientDataHash...))
nonceBytes, err := base64.StdEncoding.DecodeString(safetyNetResponse.Nonce)
if !bytes.Equal(nonceBuffer[:], nonceBytes) || err != nil {
return "", nil, ErrInvalidAttestation.WithDetails("Invalid nonce for in SafetyNet response").
WithError(err)
}
// §8.5.4 Let attestationCert be the attestation certificate (https://www.w3.org/TR/webauthn/#attestation-certificate)
certChain := token.Header[stmtX5C].([]any)
l := make([]byte, base64.StdEncoding.DecodedLen(len(certChain[0].(string))))
n, err := base64.StdEncoding.Decode(l, []byte(certChain[0].(string)))
if err != nil {
return "", nil, ErrInvalidAttestation.WithDetails(fmt.Sprintf("Error finding cert issued to correct hostname: %+v", err)).
WithError(err)
}
attestationCert, err := x509.ParseCertificate(l[:n])
if err != nil {
return "", nil, ErrInvalidAttestation.WithDetails(fmt.Sprintf("Error finding cert issued to correct hostname: %+v", err)).
WithError(err)
}
// §8.5.5 Verify that attestationCert is issued to the hostname "attest.android.com"
err = attestationCert.VerifyHostname("attest.android.com")
if err != nil {
return "", nil, ErrInvalidAttestation.WithDetails(fmt.Sprintf("Error finding cert issued to correct hostname: %+v", err)).
WithError(err)
}
// §8.5.6 Verify that the ctsProfileMatch attribute in the payload of response is true.
if !safetyNetResponse.CtsProfileMatch {
return "", nil, ErrInvalidAttestation.WithDetails(
"ctsProfileMatch attribute of the JWT payload is false",
)
}
if t := time.Unix(safetyNetResponse.TimestampMs/1000, 0); t.After(time.Now()) {
// Zero tolerance for post-dated timestamps.
return "", nil, ErrInvalidAttestation.WithDetails(
"SafetyNet response with timestamp after current time",
)
} else if t.Before(time.Now().Add(-time.Minute)) {
// Small tolerance for pre-dated timestamps.
if mds != nil && mds.GetValidateEntry(context.Background()) {
return "", nil, ErrInvalidAttestation.WithDetails("SafetyNet response with timestamp before one minute ago")
}
}
// §8.5.7 If successful, return implementation-specific values representing attestation type Basic and attestation
// trust path attestationCert.
return string(metadata.BasicFull), nil, nil
}

145
webauthn/attestation_safetynet_test.go Normal file
View File

File diff suppressed because one or more lines are too long

221
webauthn/attestation_test.go Normal file
View File

@@ -0,0 +1,221 @@
package webauthn
import (
"crypto/sha256"
"encoding/json"
"fmt"
"testing"
"github.com/stretchr/testify/require"
)
func TestAttestationVerify(t *testing.T) {
for i := range testAttestationOptions {
t.Run(fmt.Sprintf("Running test %d", i), func(t *testing.T) {
options := CredentialCreation{}
require.NoError(t, json.Unmarshal([]byte(testAttestationOptions[i]), &options))
ccr := CredentialCreationResponse{}
require.NoError(t, json.Unmarshal([]byte(testAttestationResponses[i]), &ccr))
var pcc ParsedCredentialCreationData
pcc.ID, pcc.RawID, pcc.Type, pcc.ClientExtensionResults = ccr.ID, ccr.RawID, ccr.Type, ccr.ClientExtensionResults
pcc.Raw = ccr
parsedAttestationResponse, err := ccr.AttestationResponse.Parse()
require.NoError(t, err)
pcc.Response = *parsedAttestationResponse
_, err = pcc.Verify(
options.Response.Challenge.String(),
false,
false,
options.Response.RelyingParty.ID,
[]string{options.Response.RelyingParty.Name},
nil,
TopOriginIgnoreVerificationMode,
nil,
options.Response.Parameters,
)
require.NoError(t, err)
})
}
}
func attestationTestUnpackResponse(
t *testing.T,
response string,
) (pcc ParsedCredentialCreationData) {
ccr := CredentialCreationResponse{}
require.NoError(t, json.Unmarshal([]byte(response), &ccr))
pcc.ID, pcc.RawID, pcc.Type, pcc.ClientExtensionResults = ccr.ID, ccr.RawID, ccr.Type, ccr.ClientExtensionResults
pcc.Raw = ccr
parsedAttestationResponse, err := ccr.AttestationResponse.Parse()
require.NoError(t, err)
pcc.Response = *parsedAttestationResponse
return pcc
}
func TestPackedAttestationVerification(t *testing.T) {
t.Run("Testing Self Packed", func(t *testing.T) {
pcc := attestationTestUnpackResponse(t, testAttestationResponses[0])
// Test Packed Verification. Unpack args.
clientDataHash := sha256.Sum256(pcc.Raw.AttestationResponse.ClientDataJSON)
_, _, err := verifyPackedFormat(pcc.Response.AttestationObject, clientDataHash[:], nil)
require.NoError(t, err)
})
}
var testAttestationOptions = []string{
// Direct Self Attestation with EC256 - MacOS.
`{"publicKey": {
"challenge": "rWiex8xDOPfiCgyFu4BLW6vVOmXKgPwHrlMCgEs9SBA",
"rp": {
"name": "http://localhost:9005",
"id": "localhost"
},
"user": {
"name": "self",
"displayName": "self",
"id": "2iEAAAAAAAAAAA=="
},
"pubKeyCredParams": [
{
"type": "public-key",
"alg": -7
}
],
"authenticatorSelection": {
"authenticatorAttachment": "cross-platform",
"userVerification": "preferred"
},
"timeout": 60000,
"attestation": "direct"
}}`,
// Direct Attestation with EC256.
`{"publicKey": {
"challenge": "-Ri5NZTzJ8b6mvW3TVScLotEoALfgBa2Bn4YSaIObHc",
"rp": {
"name": "https://webauthn.io",
"id": "webauthn.io"
},
"user": {
"name": "flort",
"displayName": "flort",
"id": "1DMAAAAAAAAAAA=="
},
"pubKeyCredParams": [
{
"type": "public-key",
"alg": -7
}
],
"authenticatorSelection": {
"authenticatorAttachment": "cross-platform",
"userVerification": "preferred"
},
"timeout": 60000,
"attestation": "direct"
}}`,
// None Attestation with EC256.
`{
"publicKey": {
"challenge": "sVt4ScceMzqFSnfAq8hgLzblvo3fa4_aFVEcIESHIJ0",
"rp": {
"name": "https://webauthn.io",
"id": "webauthn.io"
},
"user": {
"name": "testuser1",
"displayName": "testuser1",
"id": "1zMAAAAAAAAAAA=="
},
"pubKeyCredParams": [
{
"type": "public-key",
"alg": -7
}
],
"authenticatorSelection": {
"authenticatorAttachment": "cross-platform",
"userVerification": "preferred"
},
"timeout": 60000,
"attestation": "none"
}
}`,
`{
"publicKey": {
"rp": {
"name": "https://gramthanos.github.io",
"id": "gramthanos.github.io"
},
"user": {
"name": "john.smith@email.com",
"displayName": "J. Smith",
"id": "am9obi5zbWl0aEBlbWFpbC5jb20="
},
"challenge": "Dw4NDAsKCQgHBgUEAwIBAA==",
"pubKeyCredParams": [
{"type": "public-key", "alg": -7},
{"type": "public-key", "alg": -37},
{"type": "public-key", "alg": -257},
{"type": "public-key", "alg": -8}
],
"timeout": 120000,
"attestation": "direct"
}
}`,
}
var testAttestationResponses = []string{
// Self Attestation with EC256 - MacOS.
`{
"id": "AOx6vFGGITtlwjhqFFvAkJmBzSzfwE1dBa1fVR_Ltq5L35FJRNdgkXe84v3-0TEVNCSp",
"rawId": "AOx6vFGGITtlwjhqFFvAkJmBzSzfwE1dBa1fVR_Ltq5L35FJRNdgkXe84v3-0TEVNCSp",
"response": {
"attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEcwRQIhAJgdgw5x8JzE4JfR6x1RBO8eCHNE8eW_L1VTV03zpyL5AiBv8eUzua3XSS3bPYC7m8eXzJhcaRyeGe7UcuqIrDSvC2hhdXRoRGF0YVi3SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NFXJE5zK3OAAI1vMYKZIsLJfHwVQMAMwDserxRhiE7ZcI4ahRbwJCZgc0s38BNXQWtX1Ufy7auS9-RSUTXYJF3vOL9_tExFTQkqaUBAgMmIAEhWCCm9OYidwiIoH9SwVQqUAnH8Gj5ZJ2_qr8gjbg41q4M1SJYIA07XKpHSgS1mE7R1MjotVIQqyHi9WAxGwHQsCteVK2V",
"clientDataJSON": "eyJjaGFsbGVuZ2UiOiJyV2lleDh4RE9QZmlDZ3lGdTRCTFc2dlZPbVhLZ1B3SHJsTUNnRXM5U0JBIiwib3JpZ2luIjoiaHR0cDovL2xvY2FsaG9zdDo5MDA1IiwidHlwZSI6IndlYmF1dGhuLmNyZWF0ZSJ9"
},
"type": "public-key"
}`,
// Direct Attestation with EC256 - Titan.
`{
"id": "FOxcmsqPLNCHtyILvbNkrtHMdKAeqSJXYZDbeFd0kc5Enm8Kl6a0Jp0szgLilDw1S4CjZhe9Z2611EUGbjyEmg",
"rawId": "FOxcmsqPLNCHtyILvbNkrtHMdKAeqSJXYZDbeFd0kc5Enm8Kl6a0Jp0szgLilDw1S4CjZhe9Z2611EUGbjyEmg",
"response": {
"attestationObject": "o2NmbXRoZmlkby11MmZnYXR0U3RtdKJjc2lnWEYwRAIgfyIhwZj-fkEVyT1GOK8chDHJR2chXBLSRg6bTCjODmwCIHH6GXI_BQrcR-GHg5JfazKVQdezp6_QWIFfT4ltTCO2Y3g1Y4FZAlMwggJPMIIBN6ADAgECAgQSNtF_MA0GCSqGSIb3DQEBCwUAMC4xLDAqBgNVBAMTI1l1YmljbyBVMkYgUm9vdCBDQSBTZXJpYWwgNDU3MjAwNjMxMCAXDTE0MDgwMTAwMDAwMFoYDzIwNTAwOTA0MDAwMDAwWjAxMS8wLQYDVQQDDCZZdWJpY28gVTJGIEVFIFNlcmlhbCAyMzkyNTczNDEwMzI0MTA4NzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNNlqR5emeDVtDnA2a-7h_QFjkfdErFE7bFNKzP401wVE-QNefD5maviNnGVk4HJ3CsHhYuCrGNHYgTM9zTWriGjOzA5MCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS41MBMGCysGAQQBguUcAgEBBAQDAgUgMA0GCSqGSIb3DQEBCwUAA4IBAQAiG5uzsnIk8T6-oyLwNR6vRklmo29yaYV8jiP55QW1UnXdTkEiPn8mEQkUac-Sn6UmPmzHdoGySG2q9B-xz6voVQjxP2dQ9sgbKd5gG15yCLv6ZHblZKkdfWSrUkrQTrtaziGLFSbxcfh83vUjmOhDLFC5vxV4GXq2674yq9F2kzg4nCS4yXrO4_G8YWR2yvQvE2ffKSjQJlXGO5080Ktptplv5XN4i5lS-AKrT5QRVbEJ3B4g7G0lQhdYV-6r4ZtHil8mF4YNMZ0-RaYPxAaYNWkFYdzOZCaIdQbXRZefgGfbMUiAC2gwWN7fiPHV9eu82NYypGU32OijG9BjhGt_aGF1dGhEYXRhWMR0puqSE8mcL3SyJJKzIM9AJiqUwalQoDl_KSULYIQe8EEAAAAAAAAAAAAAAAAAAAAAAAAAAABAFOxcmsqPLNCHtyILvbNkrtHMdKAeqSJXYZDbeFd0kc5Enm8Kl6a0Jp0szgLilDw1S4CjZhe9Z2611EUGbjyEmqUBAgMmIAEhWCD_ap3Q9zU8OsGe967t48vyRxqn8NfFTk307mC1WsH2ISJYIIcqAuW3MxhU0uDtaSX8-Ftf_zeNJLdCOEjZJGHsrLxH",
"clientDataJSON": "eyJjaGFsbGVuZ2UiOiItUmk1TlpUeko4YjZtdlczVFZTY0xvdEVvQUxmZ0JhMkJuNFlTYUlPYkhjIiwib3JpZ2luIjoiaHR0cHM6Ly93ZWJhdXRobi5pbyIsInR5cGUiOiJ3ZWJhdXRobi5jcmVhdGUifQ"
},
"type": "public-key"
}`,
// None Attestation with EC256 - Titan.
`{
"id": "6Jry73M_WVWDoXLsGxRsBVVHpPWDpNy1ETGXUEvJLdTAn5Ew6nDGU6W8iO3ZkcLEqr-CBwvx0p2WAxzt8RiwQQ",
"rawId": "6Jry73M_WVWDoXLsGxRsBVVHpPWDpNy1ETGXUEvJLdTAn5Ew6nDGU6W8iO3ZkcLEqr-CBwvx0p2WAxzt8RiwQQ",
"response": {
"attestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjEdKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOia8u9zP1lVg6Fy7BsUbAVVR6T1g6TctRExl1BLyS3UwJ-RMOpwxlOlvIjt2ZHCxKq_ggcL8dKdlgMc7fEYsEGlAQIDJiABIVgg--n_QvZithDycYmnifk6vMHiwBP6kugn2PlsnvkrcSgiWCBAlBYm2B-rMtQlp5MxGTLoGDHoktxb0p364Hy2BH9U2Q",
"clientDataJSON": "eyJjaGFsbGVuZ2UiOiJzVnQ0U2NjZU16cUZTbmZBcThoZ0x6Ymx2bzNmYTRfYUZWRWNJRVNISUowIiwib3JpZ2luIjoiaHR0cHM6Ly93ZWJhdXRobi5pbyIsInR5cGUiOiJ3ZWJhdXRobi5jcmVhdGUifQ"
},
"type": "public-key"
}`, `{
"type": "public-key",
"id": "GramThanos8pyTMpdk0qJLv3eLhUP3EXIXjD-uyqD0gab1pdvGy1ig77ZLl_ZU_vnd2296FoIZ67pZqTChpSJPq_oqUhjmr5Osv_LLiY7YGsAafMUdIb_LKOdwc6sfXyy_Ygl3_w-vl3tU9EPGyzgtI7hTBeMXnSIaOV6CUUf6d9op4JyxEDJr-roWxRMJPfnVAMLvv4lF_Cpd6Of0o75nDcCtEsTiynINihIwee1gmg0BAVKh3seWoNqXMpiXgPWc9Jt8ibjN9O-bsag3tELVs9uOoe-NZEmwbph0jJh_Y6e2H5Nwkp7WghST0P6krTL_sUlbpmDolhfFut0YljLrOrz_llW-WHySwvaAG2vzgvxA",
"rawId": "GramThanos8pyTMpdk0qJLv3eLhUP3EXIXjD-uyqD0gab1pdvGy1ig77ZLl_ZU_vnd2296FoIZ67pZqTChpSJPq_oqUhjmr5Osv_LLiY7YGsAafMUdIb_LKOdwc6sfXyy_Ygl3_w-vl3tU9EPGyzgtI7hTBeMXnSIaOV6CUUf6d9op4JyxEDJr-roWxRMJPfnVAMLvv4lF_Cpd6Of0o75nDcCtEsTiynINihIwee1gmg0BAVKh3seWoNqXMpiXgPWc9Jt8ibjN9O-bsag3tELVs9uOoe-NZEmwbph0jJh_Y6e2H5Nwkp7WghST0P6krTL_sUlbpmDolhfFut0YljLrOrz_llW-WHySwvaAG2vzgvxA",
"response": {
"clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiRHc0TkRBc0tDUWdIQmdVRUF3SUJBQSIsIm9yaWdpbiI6Imh0dHBzOi8vZ3JhbXRoYW5vcy5naXRodWIuaW8iLCJjcm9zc09yaWdpbiI6ZmFsc2UsInZpcnR1YWxfYXV0aGVudGljYXRvciI6IkdyYW1UaGFub3MgJiBVbml2ZXJzaXR5IG9mIFBpcmFldXMifQ",
"attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEYwRAIgaTjQj-hC9GH1fCbOT_8m4wdVJBZMG0252iBEwIGKWkUCIApZyPGh_ihn57GRKN-qTVCwgBqe4V40LL-r9_Y2pRXiY3g1Y4FZAgUwggIBMIIBpqADAgECAgVixtGpsjAKBggqhkjOPQQDAjBQMQswCQYDVQQGEwJHUjESMBAGA1UECgwJVU5JUEkgU1NMMS0wKwYDVQQDEyRVTklQSSBGSURPMiBWaXJ0dWFsIEF1dGhlbnRpY2F0b3IgQ0EwIhgPMjAyMDEyMzEyMjAwMDBaGA8yMTIwMTIzMTIyMDAwMFowcTELMAkGA1UEBhMCR1IxEjAQBgNVBAoMCVVOSVBJIFNTTDEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjEqMCgGA1UEAwwhVU5JUEkgRklETzIgVmlydHVhbCBBdXRoZW50aWNhdG9yMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE_l8G-E0tTiXogmgXZZ0nRUMc7NO5-sowWP0lZhX8GZbU_n2TPO1J-39UbRABHUK_2J-ZbzcDAu2oy_nazsz4CqNIMEYwIQYLKwYBBAGC5RwBAQQEEgQQCJhwWMrcS4G24TDeUNy-ljATBgsrBgEEAYLlHAIBAQQEAwIFIDAMBgNVHRMBAf8EAjAAMAoGCCqGSM49BAMCA0kAMEYCIQDsyXh97GlMAcRq8khd4U-26d1E92a0lupZUGNBlki_MQIhAJFqO_qmBakyeD1esP4v3gIWsYKmHpiwJ64UKlid5NobaGF1dGhEYXRhWQGWou-FTChrR7AO-C0KXtsaxN1QIX4DOq_aCmYeKeUXnlZFAAAAAQiYcFjK3EuBtuEw3lDcvpYBEhq2pk4Wp6LPKckzKXZNKiS793i4VD9xFyF4w_rsqg9IGm9aXbxstYoO-2S5f2VP753dtvehaCGeu6WakwoaUiT6v6KlIY5q-TrL_yy4mO2BrAGnzFHSG_yyjncHOrH18sv2IJd_8Pr5d7VPRDxss4LSO4UwXjF50iGjleglFH-nfaKeCcsRAya_q6FsUTCT351QDC77-JRfwqXejn9KO-Zw3ArRLE4spyDYoSMHntYJoNAQFSod7HlqDalzKYl4D1nPSbfIm4zfTvm7GoN7RC1bPbjqHvjWRJsG6YdIyYf2Onth-TcJKe1oIUk9D-pK0y_7FJW6Zg6JYXxbrdGJYy6zq8_5ZVvlh8ksL2gBtr84L8SlAQIDJiABIVgg_l8G-E0tTiXogmgXZZ0nRUMc7NO5-sowWP0lZhX8GZYiWCDU_n2TPO1J-39UbRABHUK_2J-ZbzcDAu2oy_nazsz4Cg"
}
}`,
}

488
webauthn/attestation_tpm.go Normal file
View File

@@ -0,0 +1,488 @@
package webauthn
import (
"bytes"
"crypto/x509"
"crypto/x509/pkix"
"encoding/asn1"
"errors"
"fmt"
"strings"
"github.com/google/go-tpm/legacy/tpm2"
"github.com/sonr-io/common/webauthn/metadata"
"github.com/sonr-io/common/webauthn/webauthncose"
)
func init() {
RegisterAttestationFormat(AttestationFormatTPM, verifyTPMFormat)
}
func verifyTPMFormat(
att AttestationObject,
clientDataHash []byte,
_ metadata.Provider,
) (string, []any, error) {
// Given the verification procedure inputs attStmt, authenticatorData
// and clientDataHash, the verification procedure is as follows
// Verify that attStmt is valid CBOR conforming to the syntax defined
// above and perform CBOR decoding on it to extract the contained fields
ver, present := att.AttStatement[stmtVersion].(string)
if !present {
return "", nil, ErrAttestationFormat.WithDetails("Error retrieving ver value")
}
if ver != "2.0" {
return "", nil, ErrAttestationFormat.WithDetails("WebAuthn only supports TPM 2.0 currently")
}
alg, present := att.AttStatement[stmtAlgorithm].(int64)
if !present {
return "", nil, ErrAttestationFormat.WithDetails("Error retrieving alg value")
}
coseAlg := webauthncose.COSEAlgorithmIdentifier(alg)
x5c, x509present := att.AttStatement[stmtX5C].([]any)
if !x509present {
// Handle Basic Attestation steps for the x509 Certificate
return "", nil, ErrNotImplemented
}
_, ecdaaKeyPresent := att.AttStatement[stmtECDAAKID].([]byte)
if ecdaaKeyPresent {
return "", nil, ErrNotImplemented
}
sigBytes, present := att.AttStatement[stmtSignature].([]byte)
if !present {
return "", nil, ErrAttestationFormat.WithDetails("Error retrieving sig value")
}
certInfoBytes, present := att.AttStatement[stmtCertInfo].([]byte)
if !present {
return "", nil, ErrAttestationFormat.WithDetails("Error retrieving certInfo value")
}
pubAreaBytes, present := att.AttStatement[stmtPubArea].([]byte)
if !present {
return "", nil, ErrAttestationFormat.WithDetails("Error retrieving pubArea value")
}
// Verify that the public key specified by the parameters and unique fields of pubArea
// is identical to the credentialPublicKey in the attestedCredentialData in authenticatorData.
pubArea, err := tpm2.DecodePublic(pubAreaBytes)
if err != nil {
return "", nil, ErrAttestationFormat.WithDetails("Unable to decode TPMT_PUBLIC in attestation statement").
WithError(err)
}
key, err := webauthncose.ParsePublicKey(att.AuthData.AttData.CredentialPublicKey)
if err != nil {
return "", nil, ErrAttestationFormat.WithDetails("Failed to parse public key from credential data").
WithError(err)
}
switch k := key.(type) {
case webauthncose.EC2PublicKeyData:
if pubArea.ECCParameters.CurveID != k.TPMCurveID() ||
!bytes.Equal(pubArea.ECCParameters.Point.XRaw, k.XCoord) ||
!bytes.Equal(pubArea.ECCParameters.Point.YRaw, k.YCoord) {
return "", nil, ErrAttestationFormat.WithDetails("Mismatch between ECCParameters in pubArea and credentialPublicKey")
}
case webauthncose.RSAPublicKeyData:
exp := uint32(k.Exponent[0]) + uint32(k.Exponent[1])<<8 + uint32(k.Exponent[2])<<16
if !bytes.Equal(pubArea.RSAParameters.ModulusRaw, k.Modulus) ||
pubArea.RSAParameters.Exponent() != exp {
return "", nil, ErrAttestationFormat.WithDetails("Mismatch between RSAParameters in pubArea and credentialPublicKey")
}
default:
return "", nil, ErrUnsupportedKey
}
// Concatenate authenticatorData and clientDataHash to form attToBeSigned
attToBeSigned := append(att.RawAuthData, clientDataHash...)
// Validate that certInfo is valid:
// 1/4 Verify that magic is set to TPM_GENERATED_VALUE, handled here
certInfo, err := tpm2.DecodeAttestationData(certInfoBytes)
if err != nil {
return "", nil, ErrAttestationFormat.WithDetails("Failed to decode TPM attestation data").
WithError(err)
}
// 2/4 Verify that type is set to TPM_ST_ATTEST_CERTIFY.
if certInfo.Type != tpm2.TagAttestCertify {
return "", nil, ErrAttestationFormat.WithDetails("Type is not set to TPM_ST_ATTEST_CERTIFY")
}
// 3/4 Verify that extraData is set to the hash of attToBeSigned using the hash algorithm employed in "alg".
h := webauthncose.HasherFromCOSEAlg(coseAlg)
h.Write(attToBeSigned)
if !bytes.Equal(certInfo.ExtraData, h.Sum(nil)) {
return "", nil, ErrAttestationFormat.WithDetails(
"ExtraData is not set to hash of attToBeSigned",
)
}
// 4/4 Verify that attested contains a TPMS_CERTIFY_INFO structure as specified in
// [TPMv2-Part2] section 10.12.3, whose name field contains a valid Name for pubArea,
// as computed using the algorithm in the nameAlg field of pubArea
// using the procedure specified in [TPMv2-Part1] section 16.
matches, err := certInfo.AttestedCertifyInfo.Name.MatchesPublic(pubArea)
if err != nil {
return "", nil, ErrAttestationFormat.WithDetails("Failed to match public area with attested info").
WithError(err)
}
if !matches {
return "", nil, ErrAttestationFormat.WithDetails("Hash value mismatch attested and pubArea")
}
// Note that the remaining fields in the "Standard Attestation Structure"
// [TPMv2-Part1] section 31.2, i.e., qualifiedSigner, clockInfo and firmwareVersion
// are ignored. These fields MAY be used as an input to risk engines.
// If x5c is present, this indicates that the attestation type is not ECDAA.
if x509present {
// In this case:
// Verify the sig is a valid signature over certInfo using the attestation public key in aikCert with the algorithm specified in alg.
aikCertBytes, valid := x5c[0].([]byte)
if !valid {
return "", nil, ErrAttestation.WithDetails(
"Error getting certificate from x5c cert chain",
)
}
var aikCert *x509.Certificate
if aikCert, err = x509.ParseCertificate(aikCertBytes); err != nil {
return "", nil, ErrAttestationFormat.WithDetails("Error parsing certificate from ASN.1")
}
if err = aikCert.CheckSignature(webauthncose.SigAlgFromCOSEAlg(coseAlg), certInfoBytes, sigBytes); err != nil {
return "", nil, ErrAttestationFormat.WithDetails(
fmt.Sprintf("Signature validation error: %+v\n", err),
)
}
// Verify that aikCert meets the requirements in §8.3.1 TPM Attestation Statement Certificate Requirements
// 1/6 Version MUST be set to 3.
if aikCert.Version != 3 {
return "", nil, ErrAttestationFormat.WithDetails("AIK certificate version must be 3")
}
// 2/6 Subject field MUST be set to empty.
if aikCert.Subject.String() != "" {
return "", nil, ErrAttestationFormat.WithDetails(
"AIK certificate subject must be empty",
)
}
var (
manufacturer, model, version string
ekuValid = false
eku []asn1.ObjectIdentifier
constraints tpmBasicConstraints
rest []byte
)
for _, ext := range aikCert.Extensions {
if ext.Id.Equal(oidExtensionSubjectAltName) {
if manufacturer, model, version, err = parseSANExtension(ext.Value); err != nil {
return "", nil, ErrAttestationFormat.WithDetails("Failed to parse SAN extension").
WithError(err)
}
} else if ext.Id.Equal(oidExtensionExtendedKeyUsage) {
if rest, err = asn1.Unmarshal(ext.Value, &eku); len(rest) != 0 || err != nil || !eku[0].Equal(tcgKpAIKCertificate) {
return "", nil, ErrAttestationFormat.WithDetails("AIK certificate EKU missing 2.23.133.8.3")
}
ekuValid = true
} else if ext.Id.Equal(oidExtensionBasicConstraints) {
if rest, err = asn1.Unmarshal(ext.Value, &constraints); err != nil {
return "", nil, ErrAttestationFormat.WithDetails("AIK certificate basic constraints malformed")
} else if len(rest) != 0 {
return "", nil, ErrAttestationFormat.WithDetails("AIK certificate basic constraints contains extra data")
}
}
}
// 3/6 The Subject Alternative Name extension MUST be set as defined in [TPMv2-EK-Profile] section 3.2.9{}
if manufacturer == "" || model == "" || version == "" {
return "", nil, ErrAttestationFormat.WithDetails("Invalid SAN data in AIK certificate")
}
if !isValidTPMManufacturer(manufacturer) {
return "", nil, ErrAttestationFormat.WithDetails("Invalid TPM manufacturer")
}
// 4/6 The Extended Key Usage extension MUST contain the "joint-iso-itu-t(2) internationalorganizations(23) 133 tcg-kp(8) tcg-kp-AIKCertificate(3)" OID.
if !ekuValid {
return "", nil, ErrAttestationFormat.WithDetails("AIK certificate missing EKU")
}
// 6/6 An Authority Information Access (AIA) extension with entry id-ad-ocsp and a CRL Distribution Point
// extension [RFC5280] are both OPTIONAL as the status of many attestation certificates is available
// through metadata services. See, for example, the FIDO Metadata Service.
if constraints.IsCA {
return "", nil, ErrAttestationFormat.WithDetails(
"AIK certificate basic constraints missing or CA is true",
)
}
}
return string(metadata.AttCA), x5c, err
}
// forEachSAN loops through the TPM SAN extension.
//
// RFC 5280, 4.2.1.6
// SubjectAltName ::= GeneralNames
//
// GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
//
// GeneralName ::= CHOICE {
// otherName [0] OtherName,
// rfc822Name [1] IA5String,
// dNSName [2] IA5String,
// x400Address [3] ORAddress,
// directoryName [4] Name,
// ediPartyName [5] EDIPartyName,
// uniformResourceIdentifier [6] IA5String,
// iPAddress [7] OCTET STRING,
// registeredID [8] OBJECT IDENTIFIER }
func forEachSAN(extension []byte, callback func(tag int, data []byte) error) error {
var seq asn1.RawValue
rest, err := asn1.Unmarshal(extension, &seq)
if err != nil {
return err
} else if len(rest) != 0 {
return errors.New("x509: trailing data after X.509 extension")
}
if !seq.IsCompound || seq.Tag != 16 || seq.Class != 0 {
return asn1.StructuralError{Msg: "bad SAN sequence"}
}
rest = seq.Bytes
for len(rest) > 0 {
var v asn1.RawValue
rest, err = asn1.Unmarshal(rest, &v)
if err != nil {
return err
}
if err := callback(v.Tag, v.Bytes); err != nil {
return err
}
}
return nil
}
const (
nameTypeDN = 4
)
var (
tcgKpAIKCertificate = asn1.ObjectIdentifier{2, 23, 133, 8, 3}
tcgAtTpmManufacturer = asn1.ObjectIdentifier{2, 23, 133, 2, 1}
tcgAtTpmModel = asn1.ObjectIdentifier{2, 23, 133, 2, 2}
tcgAtTpmVersion = asn1.ObjectIdentifier{2, 23, 133, 2, 3}
)
func parseSANExtension(
value []byte,
) (manufacturer string, model string, version string, err error) {
err = forEachSAN(value, func(tag int, data []byte) error {
switch tag {
case nameTypeDN:
tpmDeviceAttributes := pkix.RDNSequence{}
_, err := asn1.Unmarshal(data, &tpmDeviceAttributes)
if err != nil {
return err
}
for _, rdn := range tpmDeviceAttributes {
if len(rdn) == 0 {
continue
}
for _, atv := range rdn {
value, ok := atv.Value.(string)
if !ok {
continue
}
if atv.Type.Equal(tcgAtTpmManufacturer) {
manufacturer = strings.TrimPrefix(value, "id:")
}
if atv.Type.Equal(tcgAtTpmModel) {
model = value
}
if atv.Type.Equal(tcgAtTpmVersion) {
version = strings.TrimPrefix(value, "id:")
}
}
}
}
return nil
})
return manufacturer, model, version, err
}
var tpmManufacturers = []struct {
id string
name string
code string
}{
{"414D4400", "AMD", "AMD"},
{"414E5400", "Ant Group", "ANT"},
{"41544D4C", "Atmel", "ATML"},
{"4252434D", "Broadcom", "BRCM"},
{"4353434F", "Cisco", "CSCO"},
{"464C5953", "Flyslice Technologies", "FLYS"},
{"524F4343", "Fuzhou Rockchip", "ROCC"},
{"474F4F47", "Google", "GOOG"},
{"48504900", "HPI", "HPI"},
{"48504500", "HPE", "HPE"},
{"48495349", "Huawei", "HISI"},
{"49424d00", "IBM", "IBM"},
{"49424D00", "IBM", "IBM"},
{"49465800", "Infineon", "IFX"},
{"494E5443", "Intel", "INTC"},
{"4C454E00", "Lenovo", "LEN"},
{"4D534654", "Microsoft", "MSFT"},
{"4E534D20", "National Semiconductor", "NSM"},
{"4E545A00", "Nationz", "NTZ"},
{"4E544300", "Nuvoton Technology", "NTC"},
{"51434F4D", "Qualcomm", "QCOM"},
{"534D534E", "Samsung", "SECE"},
{"53454345", "SecEdge", "SecEdge"},
{"534E5300", "Sinosun", "SNS"},
{"534D5343", "SMSC", "SMSC"},
{"53544D20", "ST Microelectronics", "STM"},
{"54584E00", "Texas Instruments", "TXN"},
{"57454300", "Winbond", "WEC"},
{"5345414C", "Wisekey", "SEAL"},
{"FFFFF1D0", "FIDO Alliance Conformance Testing", "FIDO"},
}
func isValidTPMManufacturer(id string) bool {
for _, m := range tpmManufacturers {
if m.id == id {
return true
}
}
return false
}
func tpmParseAIKAttCA(x5c *x509.Certificate, x5cis []*x509.Certificate) (err *Error) {
if err = tpmParseSANExtension(x5c); err != nil {
return err
}
if err = tpmRemoveEKU(x5c); err != nil {
return err
}
for _, parent := range x5cis {
if err = tpmRemoveEKU(parent); err != nil {
return err
}
}
return nil
}
func tpmParseSANExtension(attestation *x509.Certificate) (protoErr *Error) {
var (
manufacturer, model, version string
err error
)
for _, ext := range attestation.Extensions {
if ext.Id.Equal(oidExtensionSubjectAltName) {
if manufacturer, model, version, err = parseSANExtension(ext.Value); err != nil {
return ErrInvalidAttestation.WithDetails("Authenticator with invalid Authenticator Identity Key SAN data encountered during attestation validation.").
WithInfo(fmt.Sprintf("Error occurred parsing SAN extension: %s", err.Error())).
WithError(err)
}
}
}
if manufacturer == "" || model == "" || version == "" {
return ErrAttestationFormat.WithDetails("Invalid SAN data in AIK certificate.")
}
var unhandled []asn1.ObjectIdentifier
for _, uce := range attestation.UnhandledCriticalExtensions {
if uce.Equal(oidExtensionSubjectAltName) {
continue
}
unhandled = append(unhandled, uce)
}
attestation.UnhandledCriticalExtensions = unhandled
return nil
}
var (
oidExtensionSubjectAltName = []int{2, 5, 29, 17}
oidExtensionExtendedKeyUsage = []int{2, 5, 29, 37}
oidExtensionBasicConstraints = []int{2, 5, 29, 19}
oidKpPrivacyCA = []int{1, 3, 6, 1, 4, 1, 311, 21, 36}
)
type tpmBasicConstraints struct {
IsCA bool `asn1:"optional"`
MaxPathLen int `asn1:"optional,default:-1"`
}
// Remove extension key usage to avoid ExtKeyUsage check failure.
func tpmRemoveEKU(x5c *x509.Certificate) *Error {
var (
unknown []asn1.ObjectIdentifier
hasAiK bool
)
for _, eku := range x5c.UnknownExtKeyUsage {
if eku.Equal(tcgKpAIKCertificate) {
hasAiK = true
continue
}
if eku.Equal(oidKpPrivacyCA) {
continue
}
unknown = append(unknown, eku)
}
if !hasAiK {
return ErrAttestationFormat.WithDetails(
"Attestation Identity Key certificate missing required Extended Key Usage.",
)
}
x5c.UnknownExtKeyUsage = unknown
return nil
}

669
webauthn/attestation_tpm_test.go Normal file
View File

File diff suppressed because one or more lines are too long

149
webauthn/attestation_u2f.go Normal file
View File

@@ -0,0 +1,149 @@
package webauthn
import (
"bytes"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/x509"
"github.com/sonr-io/common/webauthn/metadata"
"github.com/sonr-io/common/webauthn/webauthncbor"
"github.com/sonr-io/common/webauthn/webauthncose"
)
func init() {
RegisterAttestationFormat(AttestationFormatFIDOUniversalSecondFactor, verifyU2FFormat)
}
// verifyU2FFormat - Follows verification steps set out by https://www.w3.org/TR/webauthn/#fido-u2f-attestation
func verifyU2FFormat(
att AttestationObject,
clientDataHash []byte,
_ metadata.Provider,
) (string, []any, error) {
if !bytes.Equal(
att.AuthData.AttData.AAGUID,
[]byte{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
) {
return "", nil, ErrUnsupportedAlgorithm.WithDetails(
"U2F attestation format AAGUID not set to 0x00",
)
}
// Signing procedure step - If the credential public key of the given credential is not of
// algorithm -7 ("ES256"), stop and return an error.
key := webauthncose.EC2PublicKeyData{}
webauthncbor.Unmarshal(att.AuthData.AttData.CredentialPublicKey, &key)
if webauthncose.COSEAlgorithmIdentifier(key.PublicKeyData.Algorithm) != webauthncose.AlgES256 {
return "", nil, ErrUnsupportedAlgorithm.WithDetails("Non-ES256 Public Key algorithm used")
}
// U2F Step 1. Verify that attStmt is valid CBOR conforming to the syntax defined above
// and perform CBOR decoding on it to extract the contained fields.
// The Format/syntax is
// u2fStmtFormat = {
// x5c: [ attestnCert: bytes ],
// sig: bytes
// }
// Check for "x5c" which is a single element array containing the attestation certificate in X.509 format.
x5c, present := att.AttStatement[stmtX5C].([]any)
if !present {
return "", nil, ErrAttestationFormat.WithDetails("Missing properly formatted x5c data")
}
// Check for "sig" which is The attestation signature. The signature was calculated over the (raw) U2F
// registration response message https://www.w3.org/TR/webauthn/#biblio-fido-u2f-message-formats]
// received by the client from the authenticator.
signature, present := att.AttStatement[stmtSignature].([]byte)
if !present {
return "", nil, ErrAttestationFormat.WithDetails("Missing sig data")
}
// U2F Step 2. (1) Check that x5c has exactly one element and let attCert be that element. (2) Let certificate public
// key be the public key conveyed by attCert. (3) If certificate public key is not an Elliptic Curve (EC) public
// key over the P-256 curve, terminate this algorithm and return an appropriate error.
// Step 2.1
if len(x5c) > 1 {
return "", nil, ErrAttestationFormat.WithDetails(
"Received more than one element in x5c values",
)
}
// Note: Packed Attestation, FIDO U2F Attestation, and Assertion Signatures support ASN.1,but it is recommended
// that any new attestation formats defined not use ASN.1 encodings, but instead represent signatures as equivalent
// fixed-length byte arrays without internal structure, using the same representations as used by COSE signatures
// as defined in RFC8152 (https://www.w3.org/TR/webauthn/#biblio-rfc8152)
// and RFC8230 (https://www.w3.org/TR/webauthn/#biblio-rfc8230).
// Step 2.2
asn1Bytes, decoded := x5c[0].([]byte)
if !decoded {
return "", nil, ErrAttestationFormat.WithDetails("Error decoding ASN.1 data from x5c")
}
attCert, err := x509.ParseCertificate(asn1Bytes)
if err != nil {
return "", nil, ErrAttestationFormat.WithDetails("Error parsing certificate from ASN.1 data into certificate").
WithError(err)
}
// Step 2.3
if attCert.PublicKeyAlgorithm != x509.ECDSA &&
attCert.PublicKey.(*ecdsa.PublicKey).Curve != elliptic.P256() {
return "", nil, ErrAttestationFormat.WithDetails(
"Attestation certificate is in invalid format",
)
}
// Step 3. Extract the claimed rpIdHash from authenticatorData, and the claimed credentialId and credentialPublicKey
// from authenticatorData.attestedCredentialData.
rpIDHash := att.AuthData.RPIDHash
credentialID := att.AuthData.AttData.CredentialID
// credentialPublicKey handled earlier
// Step 4. Convert the COSE_KEY formatted credentialPublicKey (see Section 7 of RFC8152 [https://www.w3.org/TR/webauthn/#biblio-rfc8152])
// to Raw ANSI X9.62 public key format (see ALG_KEY_ECC_X962_RAW in Section 3.6.2 Public Key
// Representation Formats of FIDO-Registry [https://www.w3.org/TR/webauthn/#biblio-fido-registry]).
// Let x be the value corresponding to the "-2" key (representing x coordinate) in credentialPublicKey, and confirm
// its size to be of 32 bytes. If size differs or "-2" key is not found, terminate this algorithm and
// return an appropriate error.
// Let y be the value corresponding to the "-3" key (representing y coordinate) in credentialPublicKey, and confirm
// its size to be of 32 bytes. If size differs or "-3" key is not found, terminate this algorithm and
// return an appropriate error.
if len(key.XCoord) > 32 || len(key.YCoord) > 32 {
return "", nil, ErrAttestation.WithDetails("X or Y Coordinate for key is invalid length")
}
// Let publicKeyU2F be the concatenation 0x04 || x || y.
publicKeyU2F := bytes.NewBuffer([]byte{0x04})
publicKeyU2F.Write(key.XCoord)
publicKeyU2F.Write(key.YCoord)
// Step 5. Let verificationData be the concatenation of (0x00 || rpIdHash || clientDataHash || credentialId || publicKeyU2F)
// (see §4.3 of FIDO-U2F-Message-Formats [https://www.w3.org/TR/webauthn/#biblio-fido-u2f-message-formats]).
verificationData := bytes.NewBuffer([]byte{0x00})
verificationData.Write(rpIDHash)
verificationData.Write(clientDataHash)
verificationData.Write(credentialID)
verificationData.Write(publicKeyU2F.Bytes())
// Step 6. Verify the sig using verificationData and certificate public key per SEC1[https://www.w3.org/TR/webauthn/#biblio-sec1].
sigErr := attCert.CheckSignature(x509.ECDSAWithSHA256, verificationData.Bytes(), signature)
if sigErr != nil {
return "", nil, sigErr
}
// Step 7. If successful, return attestation type Basic with the attestation trust path set to x5c.
return string(metadata.BasicFull), x5c, sigErr
}

71
webauthn/attestation_u2f_test.go Normal file
View File

@@ -0,0 +1,71 @@
package webauthn
import (
"crypto/sha256"
"testing"
"github.com/sonr-io/common/webauthn/metadata"
)
func TestVerifyU2FFormat(t *testing.T) {
type args struct {
att AttestationObject
clientDataHash []byte
}
successAttResponse := attestationTestUnpackResponse(
t,
u2fTestResponse["success"],
).Response.AttestationObject
successClientDataHash := sha256.Sum256(
attestationTestUnpackResponse(
t,
u2fTestResponse["success"],
).Raw.AttestationResponse.ClientDataJSON,
)
tests := []struct {
name string
args args
want string
want1 []any
wantErr bool
}{
{
"success",
args{
successAttResponse,
successClientDataHash[:],
},
string(metadata.BasicFull),
nil,
false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, _, err := verifyU2FFormat(tt.args.att, tt.args.clientDataHash, nil)
if (err != nil) != tt.wantErr {
t.Errorf("verifyU2FFormat() error = %v, wantErr %v", err, tt.wantErr)
return
}
if got != tt.want {
t.Errorf("verifyU2FFormat() got = %v, want %v", got, tt.want)
}
})
}
}
var u2fTestResponse = map[string]string{
`success`: `{
"rawId": "7nJsttr4dLSsmrWnaHB3espJ0ua9rsJ2ws-93BFcNOP64g_s_4wLFDvklrNYcg0BCN6ddUjJLxDfDSBreKQLAw",
"id": "7nJsttr4dLSsmrWnaHB3espJ0ua9rsJ2ws-93BFcNOP64g_s_4wLFDvklrNYcg0BCN6ddUjJLxDfDSBreKQLAw",
"response": {
"clientDataJSON": "eyJjaGFsbGVuZ2UiOiJhTDJ1d0FwZ3d1bUJ6VFlDY29MMF80RFJ2X21mWXlremdxSkJGb0pqX1dDS05aT3B2VVFueWpkd01XSVdLY1k4NDR0eUROTE81cFFQQk1KckhQel8zZyIsImNsaWVudEV4dGVuc2lvbnMiOnt9LCJoYXNoQWxnb3JpdGhtIjoiU0hBLTI1NiIsIm9yaWdpbiI6Imh0dHBzOi8vbG9jYWxob3N0OjQ0MzI5IiwidHlwZSI6IndlYmF1dGhuLmNyZWF0ZSJ9",
"attestationObject": "o2NmbXRoZmlkby11MmZnYXR0U3RtdKJjc2lnWEcwRQIgRMxowC__Z-mgVR6netL6C7Q15weqiTCPwwq1EaeJVqMCIQCHb9cCad1VloGhQ60mw7KTJhkx61mfgKKwHUVZf1wR6mN4NWOBWQLCMIICvjCCAaagAwIBAgIEdIb9wjANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZdWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAwMDBaGA8yMDUwMDkwNDAwMDAwMFowbzELMAkGA1UEBhMCU0UxEjAQBgNVBAoMCVl1YmljbyBBQjEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjEoMCYGA1UEAwwfWXViaWNvIFUyRiBFRSBTZXJpYWwgMTk1NTAwMzg0MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJVd8633JH0xde_9nMTzGk6HjrrhgQlWYVD7OIsuX2Unv1dAmqWBpQ0KxS8YRFwKE1SKE1PIpOWacE5SO8BN6-2jbDBqMCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS4xMBMGCysGAQQBguUcAgEBBAQDAgUgMCEGCysGAQQBguUcAQEEBBIEEPigEfOMCk0VgAYXER-e3H0wDAYDVR0TAQH_BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAMVxIgOaaUn44Zom9af0KqG9J655OhUVBVW-q0As6AIod3AH5bHb2aDYakeIyyBCnnGMHTJtuekbrHbXYXERIn4aKdkPSKlyGLsA_A-WEi-OAfXrNVfjhrh7iE6xzq0sg4_vVJoywe4eAJx0fS-Dl3axzTTpYl71Nc7p_NX6iCMmdik0pAuYJegBcTckE3AoYEg4K99AM_JaaKIblsbFh8-3LxnemeNf7UwOczaGGvjS6UzGVI0Odf9lKcPIwYhuTxM5CaNMXTZQ7xq4_yTfC3kPWtE4hFT34UJJflZBiLrxG4OsYxkHw_n5vKgmpspB3GfYuYTWhkDKiE8CYtyg87mhhdXRoRGF0YVjESZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQO5ybLba-HS0rJq1p2hwd3rKSdLmva7CdsLPvdwRXDTj-uIP7P-MCxQ75JazWHINAQjenXVIyS8Q3w0ga3ikCwOlAQIDJiABIVggUOAo5xqsJoPfJWsU50h7c2S7_llP0KwGI6vJkEj1N48iWCA2TMSeBfhJ84HyMQQgjJvBiA6JnHA0chxSlmuZeT9Xgg"
},
"type": "public-key"
}`,
}

444
webauthn/authenticator.go Normal file
View File

@@ -0,0 +1,444 @@
package webauthn
import (
"bytes"
"encoding/binary"
"fmt"
"github.com/sonr-io/common/webauthn/webauthncbor"
)
const (
minAuthDataLength = 37
minAttestedAuthLength = 55
maxCredentialIDLength = 1023
)
// AuthenticatorResponse represents the IDL with the same name.
//
// Authenticators respond to Relying Party requests by returning an object derived from the AuthenticatorResponse
// interface
//
// Specification: §5.2. Authenticator Responses (https://www.w3.org/TR/webauthn/#iface-authenticatorresponse)
type AuthenticatorResponse struct {
// From the spec https://www.w3.org/TR/webauthn/#dom-authenticatorresponse-clientdatajson
// This attribute contains a JSON serialization of the client data passed to the authenticator
// by the client in its call to either create() or get().
ClientDataJSON URLEncodedBase64 `json:"clientDataJSON"`
}
// AuthenticatorData represents the IDL with the same name.
//
// The authenticator data structure encodes contextual bindings made by the authenticator. These bindings are controlled
// by the authenticator itself, and derive their trust from the WebAuthn Relying Party's assessment of the security
// properties of the authenticator. In one extreme case, the authenticator may be embedded in the client, and its
// bindings may be no more trustworthy than the client data. At the other extreme, the authenticator may be a discrete
// entity with high-security hardware and software, connected to the client over a secure channel. In both cases, the
// Relying Party receives the authenticator data in the same format, and uses its knowledge of the authenticator to make
// trust decisions.
//
// The authenticator data has a compact but extensible encoding. This is desired since authenticators can be devices
// with limited capabilities and low power requirements, with much simpler software stacks than the client platform.
//
// Specification: §6.1. Authenticator Data (https://www.w3.org/TR/webauthn/#sctn-authenticator-data)
type AuthenticatorData struct {
RPIDHash []byte `json:"rpid"`
Flags AuthenticatorFlags `json:"flags"`
Counter uint32 `json:"sign_count"`
AttData AttestedCredentialData `json:"att_data"`
ExtData []byte `json:"ext_data"`
}
type AttestedCredentialData struct {
AAGUID []byte `json:"aaguid"`
CredentialID []byte `json:"credential_id"`
// The raw credential public key bytes received from the attestation data. This is the CBOR representation of the
// credentials public key.
CredentialPublicKey []byte `json:"public_key"`
}
// CredentialMediationRequirement represents mediation requirements for clients. When making a request via get(options)
// or create(options), developers can set a case-by-case requirement for user mediation by choosing the appropriate
// CredentialMediationRequirement enum value.
//
// See https://www.w3.org/TR/credential-management-1/#mediation-requirements
type CredentialMediationRequirement string
const (
// MediationDefault lets the browser choose the mediation flow completely as if it wasn't specified at all.
MediationDefault CredentialMediationRequirement = ""
// MediationSilent indicates user mediation is suppressed for the given operation. If the operation can be performed
// without user involvement, wonderful. If user involvement is necessary, then the operation will return null rather
// than involving the user.
MediationSilent CredentialMediationRequirement = "silent"
// MediationOptional indicates if credentials can be handed over for a given operation without user mediation, they
// will be. If user mediation is required, then the user agent will involve the user in the decision.
MediationOptional CredentialMediationRequirement = "optional"
// MediationConditional indicates for get(), discovered credentials are presented to the user in a non-modal dialog
// along with an indication of the origin which is requesting credentials. If the user makes a gesture outside of
// the dialog, the dialog closes without resolving or rejecting the Promise returned by the get() method and without
// causing a user-visible error condition. If the user makes a gesture that selects a credential, that credential is
// returned to the caller. The prevent silent access flag is treated as being true regardless of its actual value:
// the conditional behavior always involves user mediation of some sort if applicable credentials are discovered.
MediationConditional CredentialMediationRequirement = "conditional"
// MediationRequired indicates the user agent will not hand over credentials without user mediation, even if the
// prevent silent access flag is unset for an origin.
MediationRequired CredentialMediationRequirement = "required"
)
// AuthenticatorAttachment represents the IDL enum of the same name, and is used as part of the Authenticator Selection
// Criteria.
//
// This enumerations values describe authenticators' attachment modalities. Relying Parties use this to express a
// preferred authenticator attachment modality when calling navigator.credentials.create() to create a credential.
//
// If this member is present, eligible authenticators are filtered to only authenticators attached with the specified
// §5.4.5 Authenticator Attachment Enumeration (enum AuthenticatorAttachment). The value SHOULD be a member of
// AuthenticatorAttachment but client platforms MUST ignore unknown values, treating an unknown value as if the member
// does not exist.
//
// Specification: §5.4.4. Authenticator Selection Criteria (https://www.w3.org/TR/webauthn/#dom-authenticatorselectioncriteria-authenticatorattachment)
//
// Specification: §5.4.5. Authenticator Attachment Enumeration (https://www.w3.org/TR/webauthn/#enum-attachment)
type AuthenticatorAttachment string
const (
// Platform represents a platform authenticator is attached using a client device-specific transport, called
// platform attachment, and is usually not removable from the client device. A public key credential bound to a
// platform authenticator is called a platform credential.
Platform AuthenticatorAttachment = "platform"
// CrossPlatform represents a roaming authenticator is attached using cross-platform transports, called
// cross-platform attachment. Authenticators of this class are removable from, and can "roam" among, client devices.
// A public key credential bound to a roaming authenticator is called a roaming credential.
CrossPlatform AuthenticatorAttachment = "cross-platform"
)
// ResidentKeyRequirement represents the IDL of the same name.
//
// This enumerations values describe the Relying Party's requirements for client-side discoverable credentials
// (formerly known as resident credentials or resident keys).
//
// Specifies the extent to which the Relying Party desires to create a client-side discoverable credential. For
// historical reasons the naming retains the deprecated “resident” terminology. The value SHOULD be a member of
// ResidentKeyRequirement but client platforms MUST ignore unknown values, treating an unknown value as if the member
// does not exist. If no value is given then the effective value is required if requireResidentKey is true or
// discouraged if it is false or absent.
//
// Specification: §5.4.4. Authenticator Selection Criteria (https://www.w3.org/TR/webauthn/#dom-authenticatorselectioncriteria-residentkey)
//
// Specification: §5.4.6. Resident Key Requirement Enumeration (https://www.w3.org/TR/webauthn/#enumdef-residentkeyrequirement)
type ResidentKeyRequirement string
const (
// ResidentKeyRequirementDiscouraged indicates the Relying Party prefers creating a server-side credential, but will
// accept a client-side discoverable credential. This is the default.
ResidentKeyRequirementDiscouraged ResidentKeyRequirement = "discouraged"
// ResidentKeyRequirementPreferred indicates to the client we would prefer a discoverable credential.
ResidentKeyRequirementPreferred ResidentKeyRequirement = "preferred"
// ResidentKeyRequirementRequired indicates the Relying Party requires a client-side discoverable credential, and is
// prepared to receive an error if a client-side discoverable credential cannot be created.
ResidentKeyRequirementRequired ResidentKeyRequirement = "required"
)
// AuthenticatorTransport represents the IDL enum with the same name.
//
// Authenticators may implement various transports for communicating with clients. This enumeration defines hints as to
// how clients might communicate with a particular authenticator in order to obtain an assertion for a specific
// credential. Note that these hints represent the WebAuthn Relying Party's best belief as to how an authenticator may
// be reached. A Relying Party will typically learn of the supported transports for a public key credential via
// getTransports().
//
// Specification: §5.8.4. Authenticator Transport Enumeration (https://www.w3.org/TR/webauthn/#enumdef-authenticatortransport)
type AuthenticatorTransport string
const (
// USB indicates the respective authenticator can be contacted over removable USB.
USB AuthenticatorTransport = "usb"
// NFC indicates the respective authenticator can be contacted over Near Field Communication (NFC).
NFC AuthenticatorTransport = "nfc"
// BLE indicates the respective authenticator can be contacted over Bluetooth Smart (Bluetooth Low Energy / BLE).
BLE AuthenticatorTransport = "ble"
// SmartCard indicates the respective authenticator can be contacted over ISO/IEC 7816 smart card with contacts.
//
// WebAuthn Level 3.
SmartCard AuthenticatorTransport = "smart-card"
// Hybrid indicates the respective authenticator can be contacted using a combination of (often separate)
// data-transport and proximity mechanisms. This supports, for example, authentication on a desktop computer using
// a smartphone.
//
// WebAuthn Level 3.
Hybrid AuthenticatorTransport = "hybrid"
// Internal indicates the respective authenticator is contacted using a client device-specific transport, i.e., it
// is a platform authenticator. These authenticators are not removable from the client device.
Internal AuthenticatorTransport = "internal"
)
// UserVerificationRequirement is a representation of the UserVerificationRequirement IDL enum.
//
// A WebAuthn Relying Party may require user verification for some of its operations but not for others,
// and may use this type to express its needs.
//
// Specification: §5.8.6. User Verification Requirement Enumeration (https://www.w3.org/TR/webauthn/#enum-userVerificationRequirement)
type UserVerificationRequirement string
const (
// VerificationRequired User verification is required to create/release a credential
VerificationRequired UserVerificationRequirement = "required"
// VerificationPreferred User verification is preferred to create/release a credential
VerificationPreferred UserVerificationRequirement = "preferred" // This is the default
// VerificationDiscouraged The authenticator should not verify the user for the credential
VerificationDiscouraged UserVerificationRequirement = "discouraged"
)
// AuthenticatorFlags A byte of information returned during during ceremonies in the
// authenticatorData that contains bits that give us information about the
// whether the user was present and/or verified during authentication, and whether
// there is attestation or extension data present. Bit 0 is the least significant bit.
//
// Specification: §6.1. Authenticator Data - Flags (https://www.w3.org/TR/webauthn/#flags)
type AuthenticatorFlags byte
// The bits that do not have flags are reserved for future use.
const (
// FlagUserPresent Bit 00000001 in the byte sequence. Tells us if user is present. Also referred to as the UP flag.
FlagUserPresent AuthenticatorFlags = 1 << iota // Referred to as UP
// FlagRFU1 is a reserved for future use flag.
FlagRFU1
// FlagUserVerified Bit 00000100 in the byte sequence. Tells us if user is verified
// by the authenticator using a biometric or PIN. Also referred to as the UV flag.
FlagUserVerified
// FlagBackupEligible Bit 00001000 in the byte sequence. Tells us if a backup is eligible for device. Also referred
// to as the BE flag.
FlagBackupEligible // Referred to as BE
// FlagBackupState Bit 00010000 in the byte sequence. Tells us if a backup state for device. Also referred to as the
// BS flag.
FlagBackupState
// FlagRFU2 is a reserved for future use flag.
FlagRFU2
// FlagAttestedCredentialData Bit 01000000 in the byte sequence. Indicates whether
// the authenticator added attested credential data. Also referred to as the AT flag.
FlagAttestedCredentialData
// FlagHasExtensions Bit 10000000 in the byte sequence. Indicates if the authenticator data has extensions. Also
// referred to as the ED flag.
FlagHasExtensions
)
// UserPresent returns if the UP flag was set.
func (flag AuthenticatorFlags) UserPresent() bool {
return flag.HasUserPresent()
}
// UserVerified returns if the UV flag was set.
func (flag AuthenticatorFlags) UserVerified() bool {
return flag.HasUserVerified()
}
// HasUserPresent returns if the UP flag was set.
func (flag AuthenticatorFlags) HasUserPresent() bool {
return (flag & FlagUserPresent) == FlagUserPresent
}
// HasUserVerified returns if the UV flag was set.
func (flag AuthenticatorFlags) HasUserVerified() bool {
return (flag & FlagUserVerified) == FlagUserVerified
}
// HasAttestedCredentialData returns if the AT flag was set.
func (flag AuthenticatorFlags) HasAttestedCredentialData() bool {
return (flag & FlagAttestedCredentialData) == FlagAttestedCredentialData
}
// HasExtensions returns if the ED flag was set.
func (flag AuthenticatorFlags) HasExtensions() bool {
return (flag & FlagHasExtensions) == FlagHasExtensions
}
// HasBackupEligible returns if the BE flag was set.
func (flag AuthenticatorFlags) HasBackupEligible() bool {
return (flag & FlagBackupEligible) == FlagBackupEligible
}
// HasBackupState returns if the BS flag was set.
func (flag AuthenticatorFlags) HasBackupState() bool {
return (flag & FlagBackupState) == FlagBackupState
}
// Unmarshal will take the raw Authenticator Data and marshals it into AuthenticatorData for further validation.
// The authenticator data has a compact but extensible encoding. This is desired since authenticators can be
// devices with limited capabilities and low power requirements, with much simpler software stacks than the client platform.
// The authenticator data structure is a byte array of 37 bytes or more, and is laid out in this table:
// https://www.w3.org/TR/webauthn/#table-authData
func (a *AuthenticatorData) Unmarshal(rawAuthData []byte) (err error) {
if minAuthDataLength > len(rawAuthData) {
return ErrBadRequest.
WithDetails("Authenticator data length too short").
WithInfo(fmt.Sprintf("Expected data greater than %d bytes. Got %d bytes", minAuthDataLength, len(rawAuthData)))
}
a.RPIDHash = rawAuthData[:32]
a.Flags = AuthenticatorFlags(rawAuthData[32])
a.Counter = binary.BigEndian.Uint32(rawAuthData[33:37])
remaining := len(rawAuthData) - minAuthDataLength
if a.Flags.HasAttestedCredentialData() {
if len(rawAuthData) > minAttestedAuthLength {
if err = a.unmarshalAttestedData(rawAuthData); err != nil {
return err
}
attDataLen := len(
a.AttData.AAGUID,
) + 2 + len(
a.AttData.CredentialID,
) + len(
a.AttData.CredentialPublicKey,
)
remaining = remaining - attDataLen
} else {
return ErrBadRequest.WithDetails("Attested credential flag set but data is missing")
}
} else {
if !a.Flags.HasExtensions() && len(rawAuthData) != 37 {
return ErrBadRequest.WithDetails("Attested credential flag not set")
}
}
if a.Flags.HasExtensions() {
if remaining != 0 {
a.ExtData = rawAuthData[len(rawAuthData)-remaining:]
remaining -= len(a.ExtData)
} else {
return ErrBadRequest.WithDetails("Extensions flag set but extensions data is missing")
}
}
if remaining != 0 {
return ErrBadRequest.WithDetails("Leftover bytes decoding AuthenticatorData")
}
return nil
}
// If Attestation Data is present, unmarshall that into the appropriate public key structure.
func (a *AuthenticatorData) unmarshalAttestedData(rawAuthData []byte) (err error) {
a.AttData.AAGUID = rawAuthData[37:53]
idLength := binary.BigEndian.Uint16(rawAuthData[53:55])
if len(rawAuthData) < int(55+idLength) {
return ErrBadRequest.WithDetails("Authenticator attestation data length too short")
}
if idLength > maxCredentialIDLength {
return ErrBadRequest.WithDetails(
"Authenticator attestation data credential id length too long",
)
}
a.AttData.CredentialID = rawAuthData[55 : 55+idLength]
a.AttData.CredentialPublicKey, err = unmarshalCredentialPublicKey(rawAuthData[55+idLength:])
if err != nil {
return ErrBadRequest.WithDetails(fmt.Sprintf("Could not unmarshal Credential Public Key: %v", err)).
WithError(err)
}
return nil
}
// Unmarshall the credential's Public Key into CBOR encoding.
func unmarshalCredentialPublicKey(keyBytes []byte) (rawBytes []byte, err error) {
var m any
if err = webauthncbor.Unmarshal(keyBytes, &m); err != nil {
return nil, err
}
if rawBytes, err = webauthncbor.Marshal(m); err != nil {
return nil, err
}
return rawBytes, nil
}
// ResidentKeyRequired - Require that the key be private key resident to the client device.
func ResidentKeyRequired() *bool {
required := true
return &required
}
// ResidentKeyNotRequired - Do not require that the private key be resident to the client device.
func ResidentKeyNotRequired() *bool {
required := false
return &required
}
// Verify on AuthenticatorData handles Steps 13 through 15 & 17 for Registration
// and Steps 15 through 18 for Assertion.
func (a *AuthenticatorData) Verify(
rpIDHash []byte,
appIDHash []byte,
userVerificationRequired bool,
userPresenceRequired bool,
) (err error) {
// Registration Step 13 & Assertion Step 15
// Verify that the RP ID hash in authData is indeed the SHA-256
// hash of the RP ID expected by the RP.
if !bytes.Equal(a.RPIDHash, rpIDHash) && !bytes.Equal(a.RPIDHash, appIDHash) {
return ErrVerification.WithInfo(
fmt.Sprintf("RP Hash mismatch. Expected %x and Received %x", a.RPIDHash, rpIDHash),
)
}
// Registration Step 15 & Assertion Step 16
// Verify that the User Present bit of the flags in authData is set.
if userPresenceRequired && !a.Flags.UserPresent() {
return ErrVerification.WithInfo("User presence required but flag not set by authenticator")
}
// Registration Step 15 & Assertion Step 17
// If user verification is required for this assertion, verify that
// the User Verified bit of the flags in authData is set.
if userVerificationRequired && !a.Flags.UserVerified() {
return ErrVerification.WithInfo(
"User verification required but flag not set by authenticator",
)
}
// Registration Step 17 & Assertion Step 18
// Verify that the values of the client extension outputs in clientExtensionResults
// and the authenticator extension outputs in the extensions in authData are as
// expected, considering the client extension input values that were given as the
// extensions option in the create() call. In particular, any extension identifier
// values in the clientExtensionResults and the extensions in authData MUST be also be
// present as extension identifier values in the extensions member of options, i.e., no
// extensions are present that were not requested. In the general case, the meaning
// of "are as expected" is specific to the Relying Party and which extensions are in use.
// This is not yet fully implemented by the spec or by browsers.
return nil
}

623
webauthn/authenticator_test.go Normal file
View File

@@ -0,0 +1,623 @@
package webauthn
import (
"encoding/base64"
"encoding/binary"
"encoding/hex"
"fmt"
"reflect"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
const (
noneAuthDataBase64 = "pkLSG3xtVeHOI8U5mCjSx0m/am7y/gPMnhDN9O1ttItBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQMAxl6G32ykWaLrv/ouCs5HoGsvONqBtOb7ZmyMs8K8PccnwyyqPzWn/yZuyQmQBguvjYSvH6gDBlFG65quUDCSlAQIDJiABIVggyJGP+ra/u/eVjqN4OeYXUShRWxrEeC6Sb5/bZmJ9q8MiWCCHIkRdg5oRb1RHoFVYUpogcjlObCKFsV1ls1T+uUc6rA=="
attAuthDataBase64 = "lWkIjx7O4yMpVANdvRDXyuORMFonUbVZu4/Xy7IpvdRBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIniszxcGnhupdPFOHJIm6dscrWCC2h8xHicBMu91THD0kdOdB0QQtkaEn+6KfsfT1o3NmmFT8YfXrG734WfVSmlAQIDJiABIVggyoHHeiUw5aSbt8/GsL9zaqZGRzV26A4y3CnCGUhVXu4iWCBMnc8za5xgPzIygngAv9W+vZTMGJwwZcM4sjiqkcb/1g=="
)
func TestAuthenticatorFlags_UserPresent(t *testing.T) {
var (
goodByte byte = 0x01
badByte byte = 0x10
)
tests := []struct {
name string
flag AuthenticatorFlags
want bool
}{
{
"Present",
AuthenticatorFlags(goodByte),
true,
},
{
"Missing",
AuthenticatorFlags(badByte),
false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := tt.flag.UserPresent(); got != tt.want {
t.Errorf("AuthenticatorFlags.UserPresent() = %v, want %v", got, tt.want)
}
})
}
}
func TestAuthenticatorFlags_UserVerified(t *testing.T) {
var (
goodByte byte = 0x04
badByte byte = 0x02
)
tests := []struct {
name string
flag AuthenticatorFlags
want bool
}{
{
"Present",
AuthenticatorFlags(goodByte),
true,
},
{
"Missing",
AuthenticatorFlags(badByte),
false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := tt.flag.UserVerified(); got != tt.want {
t.Errorf("AuthenticatorFlags.UserVerified() = %v, want %v", got, tt.want)
}
})
}
}
func TestAuthenticatorFlags_HasAttestedCredentialData(t *testing.T) {
var (
goodByte byte = 0x40
badByte byte = 0x01
)
tests := []struct {
name string
flag AuthenticatorFlags
want bool
}{
{
"Present",
AuthenticatorFlags(goodByte),
true,
},
{
"Missing",
AuthenticatorFlags(badByte),
false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := tt.flag.HasAttestedCredentialData(); got != tt.want {
t.Errorf(
"AuthenticatorFlags.HasAttestedCredentialData() = %v, want %v",
got,
tt.want,
)
}
})
}
}
func TestAuthenticatorFlags_HasExtensions(t *testing.T) {
var (
goodByte byte = 0x80
badByte byte = 0x01
)
tests := []struct {
name string
flag AuthenticatorFlags
want bool
}{
{
"Present",
AuthenticatorFlags(goodByte),
true,
},
{
"Missing",
AuthenticatorFlags(badByte),
false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := tt.flag.HasExtensions(); got != tt.want {
t.Errorf("AuthenticatorFlags.HasExtensions() = %v, want %v", got, tt.want)
}
})
}
}
func TestAuthenticatorData_Unmarshal(t *testing.T) {
type fields struct {
RPIDHash []byte
Flags AuthenticatorFlags
Counter uint32
AttData AttestedCredentialData
ExtData []byte
}
type args struct {
rawAuthData []byte
}
noneAuthData, _ := base64.StdEncoding.DecodeString(noneAuthDataBase64)
attAuthData, _ := base64.StdEncoding.DecodeString(attAuthDataBase64)
// Empty data
badAuthData1 := []byte{}
// Attested credential data missing
badAuthData2 := make([]byte, minAttestedAuthLength-1)
copy(badAuthData2, attAuthData)
// Flags not set but data exists
badAuthData3 := make([]byte, len(attAuthData))
copy(badAuthData3, attAuthData)
badAuthData3[32] &= 0b0011_1111
// Extensions data missing
badAuthData4 := make([]byte, len(attAuthData))
copy(badAuthData4, attAuthData)
badAuthData4[32] |= 0b1000_0000
// Leftover bytes
badAuthData5 := make([]byte, len(attAuthData))
copy(badAuthData5, attAuthData)
badAuthData5 = append(badAuthData5, []byte("Hello World")...)
tests := []struct {
name string
fields fields
args args
errString string
errType string
errDetails string
errInfo string
}{
{
name: "None Marshall Successfully",
fields: fields{},
args: args{
noneAuthData,
},
},
{
name: "Att Data Marshall Successfully",
fields: fields{},
args: args{
attAuthData,
},
},
{
name: "Authenticator data too short",
fields: fields{},
args: args{
badAuthData1,
},
errString: "Authenticator data length too short",
errType: "invalid_request",
errDetails: "Authenticator data length too short",
errInfo: fmt.Sprintf(
"Expected data greater than %d bytes. Got %d bytes",
minAuthDataLength,
len(badAuthData1),
),
},
{
name: "Attested credential missing",
fields: fields{},
args: args{
badAuthData2,
},
errString: "Attested credential flag set but data is missing",
errType: "invalid_request",
errDetails: "Attested credential flag set but data is missing",
errInfo: "",
},
{
name: "Attested credential missing",
fields: fields{},
args: args{
badAuthData3,
},
errString: "Attested credential flag not set",
errType: "invalid_request",
errDetails: "Attested credential flag not set",
errInfo: "",
},
{
name: "Extensions data missing",
fields: fields{},
args: args{
badAuthData4,
},
errString: "Extensions flag set but extensions data is missing",
errType: "invalid_request",
errDetails: "Extensions flag set but extensions data is missing",
errInfo: "",
},
{
name: "Leftover bytes",
fields: fields{},
args: args{
badAuthData5,
},
errString: "Leftover bytes decoding AuthenticatorData",
errType: "invalid_request",
errDetails: "Leftover bytes decoding AuthenticatorData",
errInfo: "",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
a := &AuthenticatorData{
RPIDHash: tt.fields.RPIDHash,
Flags: tt.fields.Flags,
Counter: tt.fields.Counter,
AttData: tt.fields.AttData,
ExtData: tt.fields.ExtData,
}
err := a.Unmarshal(tt.args.rawAuthData)
if tt.errString != "" {
assert.EqualError(t, err, tt.errString)
AssertIsProtocolError(t, err, tt.errType, tt.errDetails, tt.errInfo)
return
}
require.NoError(t, err)
})
}
}
func TestAuthenticatorData_unmarshalAttestedData(t *testing.T) {
type fields struct {
RPIDHash []byte
Flags AuthenticatorFlags
Counter uint32
AttData AttestedCredentialData
ExtData []byte
}
type args struct {
rawAuthData []byte
}
noneAuthData, _ := base64.StdEncoding.DecodeString(noneAuthDataBase64)
attAuthData, _ := base64.StdEncoding.DecodeString(attAuthDataBase64)
// Data length too short
badAuthData1 := make([]byte, len(attAuthData))
copy(badAuthData1, attAuthData)
binary.BigEndian.PutUint16(badAuthData1[53:], 256)
// ID length too long
badAuthData2 := make([]byte, len(attAuthData)+maxCredentialIDLength+1)
copy(badAuthData2, attAuthData)
binary.BigEndian.PutUint16(badAuthData2[53:], maxCredentialIDLength+1)
// Malformed public key
badAuthData3 := make([]byte, 119)
copy(badAuthData3, attAuthData[:119])
badData, _ := hex.DecodeString("83FF20030102")
badAuthData3 = append(badAuthData3, badData...)
tests := []struct {
name string
fields fields
args args
errString string
errType string
errDetails string
errInfo string
}{
{
name: "None Marshall Successfully",
fields: fields{},
args: args{
noneAuthData,
},
},
{
name: "Att Data Marshall Successfully",
fields: fields{},
args: args{
attAuthData,
},
},
{
name: "Data length too short",
fields: fields{},
args: args{
badAuthData1,
},
errString: "Authenticator attestation data length too short",
errType: "invalid_request",
errDetails: "Authenticator attestation data length too short",
errInfo: "",
},
{
name: "ID length too long",
fields: fields{},
args: args{
badAuthData2,
},
errString: "Authenticator attestation data credential id length too long",
errType: "invalid_request",
errDetails: "Authenticator attestation data credential id length too long",
errInfo: "",
},
{
name: "Could not unmarshal Credential Public Key",
fields: fields{},
args: args{
badAuthData3,
},
errString: "Could not unmarshal Credential Public Key: cbor: unexpected \"break\" code",
errType: "invalid_request",
errDetails: "Could not unmarshal Credential Public Key: cbor: unexpected \"break\" code",
errInfo: "",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
a := &AuthenticatorData{
RPIDHash: tt.fields.RPIDHash,
Flags: tt.fields.Flags,
Counter: tt.fields.Counter,
AttData: tt.fields.AttData,
ExtData: tt.fields.ExtData,
}
err := a.unmarshalAttestedData(tt.args.rawAuthData)
if tt.errString != "" {
assert.EqualError(t, err, tt.errString)
AssertIsProtocolError(t, err, tt.errType, tt.errDetails, tt.errInfo)
return
}
require.NoError(t, err)
})
}
}
func Test_unmarshalCredentialPublicKey(t *testing.T) {
type args struct {
keyBytes []byte
}
tests := []struct {
name string
args args
want []byte
}{
{
name: "Valid EC2 P-256 public key",
args: args{
keyBytes: []byte{
0xa5, // map(5)
0x01, 0x02, // kty: EC2 (2)
0x03, 0x26, // alg: ES256 (-7)
0x20, 0x01, // crv: P-256 (1)
0x21, 0x58, 0x20, // x coordinate (32 bytes)
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
0x22, 0x58, 0x20, // y coordinate (32 bytes)
0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40,
},
},
want: []byte{
0xa5, // map(5)
0x01, 0x02, // kty: EC2 (2)
0x03, 0x26, // alg: ES256 (-7)
0x20, 0x01, // crv: P-256 (1)
0x21, 0x58, 0x20, // x coordinate (32 bytes)
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
0x22, 0x58, 0x20, // y coordinate (32 bytes)
0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, 0x40,
},
},
{
name: "Valid RSA public key",
args: args{
keyBytes: append([]byte{
0xa4, // map(4)
0x01, 0x03, // kty: RSA (3)
0x03, 0x39, 0x01, 0x00, // alg: RS256 (-257)
0x20, 0x59, 0x01, 0x00, // n: modulus (256 bytes)
}, append(make([]byte, 256), []byte{
0x21, 0x43, // e: exponent (3 bytes)
0x01, 0x00, 0x01, // 65537
}...)...),
},
want: append([]byte{
0xa4, // map(4)
0x01, 0x03, // kty: RSA (3)
0x03, 0x39, 0x01, 0x00, // alg: RS256 (-257)
0x20, 0x59, 0x01, 0x00, // n: modulus (256 bytes)
}, append(make([]byte, 256), []byte{
0x21, 0x43, // e: exponent (3 bytes)
0x01, 0x00, 0x01, // 65537
}...)...),
},
{
name: "Valid Ed25519 public key",
args: args{
keyBytes: []byte{
0xa4, // map(4)
0x01, 0x01, // kty: OKP (1)
0x03, 0x27, // alg: EdDSA (-8)
0x20, 0x06, // crv: Ed25519 (6)
0x21, 0x58, 0x20, // x coordinate (32 bytes)
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
},
},
want: []byte{
0xa4, // map(4)
0x01, 0x01, // kty: OKP (1)
0x03, 0x27, // alg: EdDSA (-8)
0x20, 0x06, // crv: Ed25519 (6)
0x21, 0x58, 0x20, // x coordinate (32 bytes)
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := unmarshalCredentialPublicKey(tt.args.keyBytes)
if err != nil {
t.Errorf("unmarshalCredentialPublicKey() returned err %v", err)
} else if !reflect.DeepEqual(got, tt.want) {
t.Errorf("unmarshalCredentialPublicKey() = %v, want %v", got, tt.want)
}
})
}
}
func TestAuthenticatorData_Verify(t *testing.T) {
type fields struct {
RPIDHash []byte
Flags AuthenticatorFlags
Counter uint32
AttData AttestedCredentialData
ExtData []byte
}
type args struct {
rpIdHash []byte
userVerificationRequired bool
userPresenceRequired bool
}
tests := []struct {
name string
fields fields
args args
errString string
errType string
errDetails string
errInfo string
}{
{
name: "Success",
fields: fields{
RPIDHash: []byte{1, 2, 3},
Flags: AuthenticatorFlags(0x05),
},
args: args{
rpIdHash: []byte{1, 2, 3},
},
errString: "",
},
{
name: "RP hash mismatch",
fields: fields{
RPIDHash: []byte{0xff},
},
args: args{
rpIdHash: []byte{0xaa},
},
errString: "Error validating the authenticator response",
errType: "verification_error",
errDetails: "Error validating the authenticator response",
errInfo: "RP Hash mismatch. Expected ff and Received aa",
},
{
name: "UP flag not set",
fields: fields{
RPIDHash: []byte{1, 2, 3},
Flags: AuthenticatorFlags(0x04),
},
args: args{
rpIdHash: []byte{1, 2, 3},
userPresenceRequired: true,
},
errString: "Error validating the authenticator response",
errType: "verification_error",
errDetails: "Error validating the authenticator response",
errInfo: "User presence required but flag not set by authenticator",
},
{
name: "User verification required",
fields: fields{
RPIDHash: []byte{1, 2, 3},
Flags: AuthenticatorFlags(0x01),
},
args: args{
rpIdHash: []byte{1, 2, 3},
userVerificationRequired: true,
userPresenceRequired: true,
},
errString: "Error validating the authenticator response",
errType: "verification_error",
errDetails: "Error validating the authenticator response",
errInfo: "User verification required but flag not set by authenticator",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
a := &AuthenticatorData{
RPIDHash: tt.fields.RPIDHash,
Flags: tt.fields.Flags,
Counter: tt.fields.Counter,
AttData: tt.fields.AttData,
ExtData: tt.fields.ExtData,
}
err := a.Verify(
tt.args.rpIdHash,
nil,
tt.args.userVerificationRequired,
tt.args.userPresenceRequired,
)
if tt.errString != "" {
assert.EqualError(t, err, tt.errString)
AssertIsProtocolError(t, err, tt.errType, tt.errDetails, tt.errInfo)
return
}
require.NoError(t, err)
})
}
}

52
webauthn/base64.go Normal file
View File

@@ -0,0 +1,52 @@
package webauthn
import (
"bytes"
"encoding/base64"
"reflect"
)
// URLEncodedBase64 represents a byte slice holding URL-encoded base64 data.
// When fields of this type are unmarshalled from JSON, the data is base64
// decoded into a byte slice.
type URLEncodedBase64 []byte
func (e URLEncodedBase64) String() string {
return base64.RawURLEncoding.EncodeToString(e)
}
// UnmarshalJSON base64 decodes a URL-encoded value, storing the result in the
// provided byte slice.
func (e *URLEncodedBase64) UnmarshalJSON(data []byte) error {
if bytes.Equal(data, []byte("null")) {
return nil
}
// Trim the leading and trailing quotes from raw JSON data (the whole value part)
data = bytes.Trim(data, `"`)
// Trim the trailing equal characters.
data = bytes.TrimRight(data, "=")
out := make([]byte, base64.RawURLEncoding.DecodedLen(len(data)))
n, err := base64.RawURLEncoding.Decode(out, data)
if err != nil {
return err
}
v := reflect.ValueOf(e).Elem()
v.SetBytes(out[:n])
return nil
}
// MarshalJSON base64 encodes a non URL-encoded value, storing the result in the
// provided byte slice.
func (e URLEncodedBase64) MarshalJSON() ([]byte, error) {
if e == nil {
return []byte("null"), nil
}
return []byte(`"` + base64.RawURLEncoding.EncodeToString(e) + `"`), nil
}

56
webauthn/base64_test.go Normal file
View File

@@ -0,0 +1,56 @@
package webauthn
import (
"encoding/base64"
"encoding/json"
"fmt"
"strings"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestBase64UnmarshalJSON(t *testing.T) {
type testData struct {
StringData string `json:"string_data"`
EncodedData URLEncodedBase64 `json:"encoded_data"`
}
tests := []struct {
encodedMessage string
expectedTestData testData
}{
{
encodedMessage: "\"" + base64.RawURLEncoding.EncodeToString(
[]byte("test base64 data"),
) + "\"",
expectedTestData: testData{
StringData: "test string",
EncodedData: URLEncodedBase64("test base64 data"),
},
},
{
encodedMessage: "null",
expectedTestData: testData{
StringData: "test string",
EncodedData: nil,
},
},
}
for _, test := range tests {
raw := fmt.Sprintf(
`{"string_data": "test string", "encoded_data": %s}`,
test.encodedMessage,
)
got := testData{}
t.Logf("%s\n", raw)
require.NoError(t, json.NewDecoder(strings.NewReader(raw)).Decode(&got))
assert.Equal(t, test.expectedTestData.EncodedData, got.EncodedData)
assert.Equal(t, test.expectedTestData.StringData, got.StringData)
}
}

20
webauthn/challenge.go Normal file
View File

@@ -0,0 +1,20 @@
package webauthn
import (
"crypto/rand"
)
// ChallengeLength - Length of bytes to generate for a challenge.
const ChallengeLength = 32
// CreateChallenge creates a new challenge that should be signed and returned by the authenticator. The spec recommends
// using at least 16 bytes with 100 bits of entropy. We use 32 bytes.
func CreateChallenge() (challenge URLEncodedBase64, err error) {
challenge = make([]byte, ChallengeLength)
if _, err = rand.Read(challenge); err != nil {
return nil, err
}
return challenge, nil
}

67
webauthn/challenge_test.go Normal file
View File

@@ -0,0 +1,67 @@
package webauthn
import (
"encoding/base64"
"reflect"
"testing"
)
func TestCreateChallenge(t *testing.T) {
tests := []struct {
name string
want URLEncodedBase64
wantErr bool
}{
{
"Successful Challenge Creation",
URLEncodedBase64{},
false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := CreateChallenge()
if (err != nil) != tt.wantErr {
t.Errorf("CreateChallenge() error = %v, wantErr %v", err, tt.wantErr)
return
}
tt.want = got
if !reflect.DeepEqual(got, tt.want) {
t.Errorf("CreateChallenge() = %v, want %v", got, tt.want)
}
})
}
}
func TestChallenge_String(t *testing.T) {
newChallenge, err := CreateChallenge()
if err != nil {
t.Errorf("CreateChallenge() error = %v", err)
return
}
wantChallenge := base64.RawURLEncoding.EncodeToString(newChallenge)
tests := []struct {
name string
c URLEncodedBase64
want string
}{
{
"Successful String",
newChallenge,
wantChallenge,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := tt.c.String(); got != tt.want {
t.Errorf("Challenge.String() = %v, want %v", got, tt.want)
}
})
}
}

235
webauthn/client.go Normal file
View File

@@ -0,0 +1,235 @@
package webauthn
import (
"crypto/subtle"
"fmt"
"net/url"
"strings"
)
// CollectedClientData represents the contextual bindings of both the WebAuthn Relying Party
// and the client. It is a key-value mapping whose keys are strings. Values can be any type
// that has a valid encoding in JSON. Its structure is defined by the following Web IDL.
//
// Specification: §5.8.1. Client Data Used in WebAuthn Signatures (https://www.w3.org/TR/webauthn/#dictdef-collectedclientdata)
type CollectedClientData struct {
// Type the string "webauthn.create" when creating new credentials,
// and "webauthn.get" when getting an assertion from an existing credential. The
// purpose of this member is to prevent certain types of signature confusion attacks
// (where an attacker substitutes one legitimate signature for another).
Type CeremonyType `json:"type"`
Challenge string `json:"challenge"`
Origin string `json:"origin"`
TopOrigin string `json:"topOrigin,omitempty"`
CrossOrigin bool `json:"crossOrigin,omitempty"`
TokenBinding *TokenBinding `json:"tokenBinding,omitempty"`
// Chromium (Chrome) returns a hint sometimes about how to handle clientDataJSON in a safe manner.
Hint string `json:"new_keys_may_be_added_here,omitempty"`
}
type CeremonyType string
const (
CreateCeremony CeremonyType = "webauthn.create"
AssertCeremony CeremonyType = "webauthn.get"
)
type TokenBinding struct {
Status TokenBindingStatus `json:"status"`
ID string `json:"id,omitempty"`
}
type TokenBindingStatus string
const (
// Present indicates token binding was used when communicating with the
// Relying Party. In this case, the id member MUST be present.
Present TokenBindingStatus = "present"
// Supported indicates token binding was used when communicating with the
// negotiated when communicating with the Relying Party.
Supported TokenBindingStatus = "supported"
// NotSupported indicates token binding not supported
// when communicating with the Relying Party.
NotSupported TokenBindingStatus = "not-supported"
)
// FullyQualifiedOrigin returns the origin per the HTML spec: (scheme)://(host)[:(port)].
func FullyQualifiedOrigin(rawOrigin string) (fqOrigin string, err error) {
if strings.HasPrefix(rawOrigin, "android:apk-key-hash:") {
return rawOrigin, nil
}
var origin *url.URL
if origin, err = url.ParseRequestURI(rawOrigin); err != nil {
return "", err
}
if origin.Host == "" {
return "", fmt.Errorf("url '%s' does not have a host", rawOrigin)
}
origin.Path, origin.RawPath, origin.RawQuery, origin.User = "", "", "", nil
return origin.String(), nil
}
// Verify handles steps 3 through 6 of verifying the registering client data of a
// new credential and steps 7 through 10 of verifying an authentication assertion
// See https://www.w3.org/TR/webauthn/#registering-a-new-credential
// and https://www.w3.org/TR/webauthn/#verifying-assertion
//
// Note: the rpTopOriginsVerify parameter does not accept the TopOriginVerificationMode value of
// TopOriginDefaultVerificationMode as it's expected this value is updated by the config validation process.
func (c *CollectedClientData) Verify(
storedChallenge string,
ceremony CeremonyType,
rpOrigins, rpTopOrigins []string,
rpTopOriginsVerify TopOriginVerificationMode,
) (err error) {
// Registration Step 3. Verify that the value of C.type is webauthn.create.
// Assertion Step 7. Verify that the value of C.type is the string webauthn.get.
if c.Type != ceremony {
return ErrVerification.WithDetails("Error validating ceremony type").
WithInfo(fmt.Sprintf("Expected Value: %s, Received: %s", ceremony, c.Type))
}
// Registration Step 4. Verify that the value of C.challenge matches the challenge
// that was sent to the authenticator in the create() call.
// Assertion Step 8. Verify that the value of C.challenge matches the challenge
// that was sent to the authenticator in the PublicKeyCredentialRequestOptions
// passed to the get() call.
challenge := c.Challenge
if subtle.ConstantTimeCompare([]byte(storedChallenge), []byte(challenge)) != 1 {
return ErrVerification.
WithDetails("Error validating challenge").
WithInfo(fmt.Sprintf("Expected b Value: %#v\nReceived b: %#v\n", storedChallenge, challenge))
}
// Registration Step 5 & Assertion Step 9. Verify that the value of C.origin matches
// the Relying Party's origin.
var fqOrigin string
if fqOrigin, err = FullyQualifiedOrigin(c.Origin); err != nil {
return ErrParsingData.WithDetails("Error decoding clientData origin as URL").WithError(err)
}
found := false
for _, origin := range rpOrigins {
if strings.EqualFold(fqOrigin, origin) {
found = true
break
}
}
if !found {
return ErrVerification.
WithDetails("Error validating origin").
WithInfo(fmt.Sprintf("Expected Values: %s, Received: %s", rpOrigins, fqOrigin))
}
if rpTopOriginsVerify != TopOriginIgnoreVerificationMode {
switch len(c.TopOrigin) {
case 0:
break
default:
if !c.CrossOrigin {
return ErrVerification.
WithDetails("Error validating topOrigin").
WithInfo("The topOrigin can't have values unless crossOrigin is true.")
}
var (
fqTopOrigin string
possibleTopOrigins []string
)
if fqTopOrigin, err = FullyQualifiedOrigin(c.TopOrigin); err != nil {
return ErrParsingData.WithDetails("Error decoding clientData topOrigin as URL").
WithError(err)
}
switch rpTopOriginsVerify {
case TopOriginExplicitVerificationMode:
possibleTopOrigins = rpTopOrigins
case TopOriginAutoVerificationMode:
possibleTopOrigins = append(rpTopOrigins, rpOrigins...)
case TopOriginImplicitVerificationMode:
possibleTopOrigins = rpOrigins
default:
return ErrNotImplemented.WithDetails(
"Error handling unknown Top Origin verification mode",
)
}
found = false
for _, origin := range possibleTopOrigins {
if strings.EqualFold(fqTopOrigin, origin) {
found = true
break
}
}
if !found {
return ErrVerification.
WithDetails("Error validating top origin").
WithInfo(fmt.Sprintf("Expected Values: %s, Received: %s", possibleTopOrigins, fqTopOrigin))
}
}
}
// Registration Step 6 and Assertion Step 10. Verify that the value of C.tokenBinding.status
// matches the state of Token Binding for the TLS connection over which the assertion was
// obtained. If Token Binding was used on that TLS connection, also verify that C.tokenBinding.id
// matches the base64url encoding of the Token Binding ID for the connection.
if c.TokenBinding != nil {
if c.TokenBinding.Status == "" {
return ErrParsingData.WithDetails(
"Error decoding clientData, token binding present without status",
)
}
if c.TokenBinding.Status != Present && c.TokenBinding.Status != Supported &&
c.TokenBinding.Status != NotSupported {
return ErrParsingData.
WithDetails("Error decoding clientData, token binding present with invalid status").
WithInfo(fmt.Sprintf("Got: %s", c.TokenBinding.Status))
}
}
// Not yet fully implemented by the spec, browsers, and me.
return nil
}
type TopOriginVerificationMode int
const (
// TopOriginDefaultVerificationMode represents the default verification mode for the Top Origin. At this time this
// mode is the same as TopOriginIgnoreVerificationMode until such a time as the specification becomes stable. This
// value is intended as a fallback value and implementers should very intentionally pick another option if they want
// stability.
TopOriginDefaultVerificationMode TopOriginVerificationMode = iota
// TopOriginIgnoreVerificationMode ignores verification entirely.
TopOriginIgnoreVerificationMode
// TopOriginAutoVerificationMode represents the automatic verification mode for the Top Origin. In this mode the
// If the Top Origins parameter has values it checks against this, otherwise it checks against the Origins parameter.
TopOriginAutoVerificationMode
// TopOriginImplicitVerificationMode represents the implicit verification mode for the Top Origin. In this mode the
// Top Origin is verified against the allowed Origins values.
TopOriginImplicitVerificationMode
// TopOriginExplicitVerificationMode represents the explicit verification mode for the Top Origin. In this mode the
// Top Origin is verified against the allowed Top Origins values.
TopOriginExplicitVerificationMode
)

165
webauthn/client_test.go Normal file
View File

@@ -0,0 +1,165 @@
package webauthn
import (
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func setupCollectedClientData(challenge URLEncodedBase64, origin string) *CollectedClientData {
ccd := &CollectedClientData{
Type: CreateCeremony,
Origin: origin,
Challenge: challenge.String(),
}
return ccd
}
func TestVerifyCollectedClientData(t *testing.T) {
newChallenge, err := CreateChallenge()
require.NoError(t, err)
ccd := setupCollectedClientData(newChallenge, "http://example.com")
storedChallenge := newChallenge
require.NoError(
t,
ccd.Verify(
storedChallenge.String(),
ccd.Type,
[]string{ccd.Origin},
nil,
TopOriginIgnoreVerificationMode,
),
)
}
func TestVerifyCollectedClientDataIncorrectChallenge(t *testing.T) {
newChallenge, err := CreateChallenge()
if err != nil {
t.Fatalf("error creating challenge: %s", err)
}
ccd := setupCollectedClientData(newChallenge, "http://example.com")
bogusChallenge, err := CreateChallenge()
require.NoError(t, err)
assert.EqualError(
t,
ccd.Verify(
bogusChallenge.String(),
ccd.Type,
[]string{ccd.Origin},
nil,
TopOriginIgnoreVerificationMode,
),
"Error validating challenge",
)
}
func TestVerifyCollectedClientDataUnexpectedOrigin(t *testing.T) {
newChallenge, err := CreateChallenge()
if err != nil {
t.Fatalf("error creating challenge: %s", err)
}
ccd := setupCollectedClientData(newChallenge, "http://example.com")
storedChallenge := newChallenge
expectedOrigins := []string{"http://different.com"}
if err = ccd.Verify(storedChallenge.String(), ccd.Type, expectedOrigins, nil, TopOriginIgnoreVerificationMode); err == nil {
t.Fatalf(
"error expected but not received. expected %#v got %#v",
expectedOrigins,
ccd.Origin,
)
}
}
func TestVerifyCollectedClientDataWithMultipleExpectedOrigins(t *testing.T) {
newChallenge, err := CreateChallenge()
if err != nil {
t.Fatalf("error creating challenge: %s", err)
}
ccd := setupCollectedClientData(newChallenge, "http://example.com")
storedChallenge := newChallenge
expectedOrigins := []string{
"https://exmaple.com",
"9C:B4:AE:EF:05:53:6E:73:0E:C4:B8:02:E7:67:F6:7D:A4:E7:BC:26:D7:42:B5:27:FF:01:7D:68:2A:EB:FA:1D",
ccd.Origin,
}
if err = ccd.Verify(storedChallenge.String(), ccd.Type, expectedOrigins, nil, TopOriginIgnoreVerificationMode); err != nil {
t.Fatalf("error verifying challenge: expected %#v got %#v", expectedOrigins, ccd.Origin)
}
}
func TestFullyQualifiedOrigin(t *testing.T) {
testCases := []struct {
name string
have string
expected, expectedErr string
}{
{"ShouldParse", "https://app.example.com", "https://app.example.com", ``},
{"ShouldParseWithPath", "https://app.example.com/apath", "https://app.example.com", ``},
{
"ShouldParseWithPort",
"https://app.example.com:8443/apath",
"https://app.example.com:8443",
``,
},
{
"ShouldParseWithCredentials",
"https://user:password@app.example.com/",
"https://app.example.com",
``,
},
{"ShouldParseWithQuery", "https://app.example.com/?abc=123", "https://app.example.com", ``},
{"ShouldParseWithFragment", "https://app.example.com/#abc", "https://app.example.com", ``},
{
"ShouldSkipParsingAndroidNative",
"android:apk-key-hash:7d1043473d55bfa90e8530d35801d4e381bc69f0",
"android:apk-key-hash:7d1043473d55bfa90e8530d35801d4e381bc69f0",
"",
},
{
"ShouldFailToParseMissingScheme",
"app.example.com/apath",
"",
`parse "app.example.com/apath": invalid URI for request`,
},
{
"ShouldFailToParseBlankScheme",
"://app.example.com/apath",
"",
`parse "://app.example.com/apath": missing protocol scheme`,
},
{
"ShouldFailToParseMissingHost",
"https:///apath",
"",
`url 'https:///apath' does not have a host`,
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
actual, actualErr := FullyQualifiedOrigin(tc.have)
assert.Equal(t, tc.expected, actual)
if tc.expectedErr == "" {
assert.NoError(t, actualErr)
} else {
assert.EqualError(t, actualErr, tc.expectedErr)
}
})
}
}

19
webauthn/const.go Normal file
View File

@@ -0,0 +1,19 @@
package webauthn
const (
stmtX5C = "x5c"
stmtSignature = "sig"
stmtAlgorithm = "alg"
stmtVersion = "ver"
stmtECDAAKID = "ecdaaKeyId"
stmtCertInfo = "certInfo"
stmtPubArea = "pubArea"
)
// internalRemappedAuthenticatorTransport handles remapping of AuthenticatorTransport values. Specifically it is
// intentional on remapping only transports that never made recommendation but are being used in the wild. It
// should not be used to handle transports that were ratified.
var internalRemappedAuthenticatorTransport = map[string]AuthenticatorTransport{
// The Authenticator Transport 'hybrid' was previously named 'cable'; even if it was for a short period.
"cable": Hybrid,
}

469
webauthn/credential.go Normal file
View File

@@ -0,0 +1,469 @@
package webauthn
import (
"crypto/sha256"
"encoding/base64"
"io"
"net/http"
"github.com/sonr-io/common/webauthn/metadata"
)
// TrustAnchor represents a trusted root certificate or public key for attestation validation
type TrustAnchor struct {
// Format is the attestation format this anchor applies to (e.g., "packed", "tpm", "android-safetynet")
Format string
// AAGUID is the Authenticator Attestation GUID this anchor applies to (optional)
AAGUID []byte
// RootCertificate is the trusted root certificate (for X.509 chains)
RootCertificate []byte
// PublicKey is the trusted public key (for ECDAA or direct attestation)
PublicKey []byte
// Description provides human-readable information about this trust anchor
Description string
}
// CredentialPolicy defines the policy for accepting credentials
type CredentialPolicy struct {
// AllowSelfAttestation permits self-attestation (not recommended for high-security scenarios)
AllowSelfAttestation bool
// RequireAttestation requires attestation to be present and valid
RequireAttestation bool
// TrustAnchors is the list of acceptable trust anchors for attestation validation
TrustAnchors []TrustAnchor
// AllowedAAGUIDs restricts registration to specific authenticator models (if empty, all are allowed)
AllowedAAGUIDs [][]byte
// MinimumAuthenticatorLevel specifies the minimum authenticator certification level (1-3, 0 = no requirement)
MinimumAuthenticatorLevel int
}
// DefaultPolicy returns a sensible default policy for most applications
func DefaultPolicy() *CredentialPolicy {
return &CredentialPolicy{
AllowSelfAttestation: true, // Allow self-attestation for broad compatibility
RequireAttestation: false, // Don't require attestation by default
TrustAnchors: []TrustAnchor{},
AllowedAAGUIDs: [][]byte{},
MinimumAuthenticatorLevel: 0, // No certification requirement by default
}
}
// HighSecurityPolicy returns a strict policy for high-security applications
func HighSecurityPolicy() *CredentialPolicy {
return &CredentialPolicy{
AllowSelfAttestation: false, // Reject self-attestation
RequireAttestation: true, // Require valid attestation
TrustAnchors: []TrustAnchor{}, // Must be populated with specific trust anchors
AllowedAAGUIDs: [][]byte{}, // Should be populated with known secure authenticators
MinimumAuthenticatorLevel: 2, // Require at least Level 2 certification
}
}
// Credential is the basic credential type from the Credential Management specification that is inherited by WebAuthn's
// PublicKeyCredential type.
//
// Specification: Credential Management §2.2. The Credential Interface (https://www.w3.org/TR/credential-management/#credential)
type Credential struct {
// ID is The credentials identifier. The requirements for the
// identifier are distinct for each type of credential. It might
// represent a username for username/password tuples, for example.
ID string `json:"id"`
// Type is the value of the objects interface object's [[type]] slot,
// which specifies the credential type represented by this object.
// This should be type "public-key" for Webauthn credentials.
Type string `json:"type"`
}
// ParsedCredential is the parsed PublicKeyCredential interface, inherits from Credential, and contains
// the attributes that are returned to the caller when a new credential is created, or a new assertion is requested.
type ParsedCredential struct {
ID string `cbor:"id"`
Type string `cbor:"type"`
}
type PublicKeyCredential struct {
Credential
RawID URLEncodedBase64 `json:"rawId"`
ClientExtensionResults AuthenticationExtensionsClientOutputs `json:"clientExtensionResults,omitempty"`
AuthenticatorAttachment string `json:"authenticatorAttachment,omitempty"`
}
type ParsedPublicKeyCredential struct {
ParsedCredential
RawID []byte `json:"rawId"`
ClientExtensionResults AuthenticationExtensionsClientOutputs `json:"clientExtensionResults,omitempty"`
AuthenticatorAttachment AuthenticatorAttachment `json:"authenticatorAttachment,omitempty"`
}
type CredentialCreationResponse struct {
PublicKeyCredential
AttestationResponse AuthenticatorAttestationResponse `json:"response"`
}
// Implement WebAuthnCredential interface for CredentialCreationResponse
// This allows the protocol's credential types to work with Sonr's centralized validation
func (ccr *CredentialCreationResponse) GetCredentialId() string {
return ccr.ID
}
func (ccr *CredentialCreationResponse) GetPublicKey() []byte {
// URLEncodedBase64 is already []byte, so we can return it directly
return []byte(ccr.AttestationResponse.PublicKey)
}
func (ccr *CredentialCreationResponse) GetAlgorithm() int32 {
return int32(ccr.AttestationResponse.PublicKeyAlgorithm)
}
func (ccr *CredentialCreationResponse) GetRawId() string {
return string(ccr.RawID)
}
func (ccr *CredentialCreationResponse) GetClientDataJson() string {
return string(ccr.AttestationResponse.ClientDataJSON)
}
func (ccr *CredentialCreationResponse) GetAttestationObject() string {
return string(ccr.AttestationResponse.AttestationObject)
}
func (ccr *CredentialCreationResponse) GetOrigin() string {
// Parse the origin from ClientDataJSON
// The ClientDataJSON contains the origin field when parsed
// Try to parse the credential to get the collected client data
parsed, err := ccr.Parse()
if err != nil {
return ""
}
return parsed.Response.CollectedClientData.Origin
}
type ParsedCredentialCreationData struct {
ParsedPublicKeyCredential
Response ParsedAttestationResponse
Raw CredentialCreationResponse
}
// Implement WebAuthnCredential interface for ParsedCredentialCreationData
// This allows the parsed credential types to work with Sonr's centralized validation
func (pcc *ParsedCredentialCreationData) GetCredentialId() string {
return pcc.ID
}
func (pcc *ParsedCredentialCreationData) GetPublicKey() []byte {
// Get the public key from the parsed authenticator data
if len(pcc.Response.AttestationObject.AuthData.AttData.CredentialPublicKey) > 0 {
return pcc.Response.AttestationObject.AuthData.AttData.CredentialPublicKey
}
// Fallback to raw credential public key if available
return []byte(pcc.Raw.AttestationResponse.PublicKey)
}
func (pcc *ParsedCredentialCreationData) GetAlgorithm() int32 {
return int32(pcc.Raw.AttestationResponse.PublicKeyAlgorithm)
}
func (pcc *ParsedCredentialCreationData) GetRawId() string {
return string(pcc.RawID)
}
func (pcc *ParsedCredentialCreationData) GetClientDataJson() string {
return string(pcc.Raw.AttestationResponse.ClientDataJSON)
}
func (pcc *ParsedCredentialCreationData) GetAttestationObject() string {
return string(pcc.Raw.AttestationResponse.AttestationObject)
}
func (pcc *ParsedCredentialCreationData) GetOrigin() string {
return pcc.Response.CollectedClientData.Origin
}
// ParseCredentialCreationResponse is a non-agnostic function for parsing a registration response from the http library
// from stdlib. It handles some standard cleanup operations.
func ParseCredentialCreationResponse(request *http.Request) (*ParsedCredentialCreationData, error) {
if request == nil || request.Body == nil {
return nil, ErrBadRequest.WithDetails("No response given")
}
defer request.Body.Close()
defer io.Copy(io.Discard, request.Body)
return ParseCredentialCreationResponseBody(request.Body)
}
// ParseCredentialCreationResponseBody is an agnostic version of ParseCredentialCreationResponse. Implementers are
// therefore responsible for managing cleanup.
func ParseCredentialCreationResponseBody(
body io.Reader,
) (pcc *ParsedCredentialCreationData, err error) {
var ccr CredentialCreationResponse
if err = decodeBody(body, &ccr); err != nil {
return nil, ErrBadRequest.WithDetails("Parse error for Registration").
WithInfo(err.Error()).
WithError(err)
}
return ccr.Parse()
}
// ParseCredentialCreationResponseBytes is an alternative version of ParseCredentialCreationResponseBody that just takes
// a byte slice.
func ParseCredentialCreationResponseBytes(
data []byte,
) (pcc *ParsedCredentialCreationData, err error) {
var ccr CredentialCreationResponse
if err = decodeBytes(data, &ccr); err != nil {
return nil, ErrBadRequest.WithDetails("Parse error for Registration").
WithInfo(err.Error()).
WithError(err)
}
return ccr.Parse()
}
// Parse validates and parses the CredentialCreationResponse into a ParsedCredentialCreationData. This receiver
// is unlikely to be expressly guaranteed under the versioning policy. Users looking for this guarantee should see
// ParseCredentialCreationResponseBody instead, and this receiver should only be used if that function is inadequate
// for their use case.
func (ccr CredentialCreationResponse) Parse() (pcc *ParsedCredentialCreationData, err error) {
if ccr.ID == "" {
return nil, ErrBadRequest.WithDetails("Parse error for Registration").WithInfo("Missing ID")
}
testB64, err := base64.RawURLEncoding.DecodeString(ccr.ID)
if err != nil || !(len(testB64) > 0) {
return nil, ErrBadRequest.WithDetails("Parse error for Registration").
WithInfo("ID not base64.RawURLEncoded")
}
if ccr.PublicKeyCredential.Credential.Type == "" {
return nil, ErrBadRequest.WithDetails("Parse error for Registration").
WithInfo("Missing type")
}
if ccr.PublicKeyCredential.Credential.Type != string(PublicKeyCredentialType) {
return nil, ErrBadRequest.WithDetails("Parse error for Registration").
WithInfo("Type not public-key")
}
response, err := ccr.AttestationResponse.Parse()
if err != nil {
return nil, ErrParsingData.WithDetails("Error parsing attestation response")
}
var attachment AuthenticatorAttachment
switch ccr.AuthenticatorAttachment {
case "platform":
attachment = Platform
case "cross-platform":
attachment = CrossPlatform
}
return &ParsedCredentialCreationData{
ParsedPublicKeyCredential{
ParsedCredential{ccr.ID, ccr.Type}, ccr.RawID, ccr.ClientExtensionResults, attachment,
},
*response,
ccr,
}, nil
}
// Verify the Client and Attestation data.
//
// Specification: §7.1. Registering a New Credential (https://www.w3.org/TR/webauthn/#sctn-registering-a-new-credential)
func (pcc *ParsedCredentialCreationData) Verify(
storedChallenge string,
verifyUser bool,
verifyUserPresence bool,
relyingPartyID string,
rpOrigins, rpTopOrigins []string,
rpTopOriginsVerify TopOriginVerificationMode,
mds metadata.Provider,
credParams []CredentialParameter,
) (clientDataHash []byte, err error) {
// Use default policy if none provided
return pcc.VerifyWithPolicy(storedChallenge, verifyUser, verifyUserPresence, relyingPartyID,
rpOrigins, rpTopOrigins, rpTopOriginsVerify, mds, credParams, DefaultPolicy())
}
// VerifyWithPolicy verifies the Client and Attestation data with a custom credential policy.
//
// Specification: §7.1. Registering a New Credential (https://www.w3.org/TR/webauthn/#sctn-registering-a-new-credential)
func (pcc *ParsedCredentialCreationData) VerifyWithPolicy(
storedChallenge string,
verifyUser bool,
verifyUserPresence bool,
relyingPartyID string,
rpOrigins, rpTopOrigins []string,
rpTopOriginsVerify TopOriginVerificationMode,
mds metadata.Provider,
credParams []CredentialParameter,
policy *CredentialPolicy,
) (clientDataHash []byte, err error) {
// Handles steps 3 through 6 - Verifying the Client Data against the Relying Party's stored data
if err = pcc.Response.CollectedClientData.Verify(storedChallenge, CreateCeremony, rpOrigins, rpTopOrigins, rpTopOriginsVerify); err != nil {
return nil, err
}
// Step 7. Compute the hash of response.clientDataJSON using SHA-256.
sum := sha256.Sum256(pcc.Raw.AttestationResponse.ClientDataJSON)
clientDataHash = sum[:]
// Step 8. Perform CBOR decoding on the attestationObject field of the AuthenticatorAttestationResponse
// structure to obtain the attestation statement format fmt, the authenticator data authData, and the
// attestation statement attStmt.
// We do the above step while parsing and decoding the CredentialCreationResponse
// Handle steps 9 through 14 - This verifies the attestation object.
if err = pcc.Response.AttestationObject.Verify(relyingPartyID, clientDataHash, verifyUser, verifyUserPresence, mds, credParams); err != nil {
return clientDataHash, err
}
// Step 15. If validation is successful, obtain a list of acceptable trust anchors (attestation root
// certificates or ECDAA-Issuer public keys) for that attestation type and attestation statement
// format fmt, from a trusted source or from policy. For example, the FIDO Metadata Service provides
// one way to obtain such information, using the AAGUID in the attestedCredentialData in authData.
// [https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-metadata-service-v2.0-id-20180227.html]
// Apply policy validation if provided
if policy != nil {
// Check if attestation is required
if policy.RequireAttestation && pcc.Response.AttestationObject.Format == "none" {
return clientDataHash, ErrAttestationFormat.WithDetails(
"Attestation required by policy but not provided",
)
}
// Check AAGUID restrictions
if len(policy.AllowedAAGUIDs) > 0 {
aaguid := pcc.Response.AttestationObject.AuthData.AttData.AAGUID
allowed := false
for _, allowedAAGUID := range policy.AllowedAAGUIDs {
if string(aaguid) == string(allowedAAGUID) {
allowed = true
break
}
}
if !allowed {
return clientDataHash, ErrAttestationFormat.WithDetails(
"Authenticator AAGUID not in allowed list",
)
}
}
}
// Step 16. Assess the attestation trustworthiness using outputs of the verification procedure in step 14, as follows:
// - If self attestation was used, check if self attestation is acceptable under Relying Party policy.
// - If ECDAA was used, verify that the identifier of the ECDAA-Issuer public key used is included in
// the set of acceptable trust anchors obtained in step 15.
// - Otherwise, use the X.509 certificates returned by the verification procedure to verify that the
// attestation public key correctly chains up to an acceptable root certificate.
// Check self-attestation policy
if policy != nil && !policy.AllowSelfAttestation {
// Check if this is self-attestation (format is "packed" with no x5c chain)
if pcc.Response.AttestationObject.Format == "packed" {
// Self-attestation in packed format has no x5c certificate chain
if _, hasX5C := pcc.Response.AttestationObject.AttStatement["x5c"]; !hasX5C {
return clientDataHash, ErrAttestationFormat.WithDetails(
"Self-attestation not allowed by policy",
)
}
}
}
// Step 17. Check that the credentialId is not yet registered to any other user. If registration is
// requested for a credential that is already registered to a different user, the Relying Party SHOULD
// fail this registration ceremony, or it MAY decide to accept the registration, e.g. while deleting
// the older registration.
// Note: The Relying Party must check for duplicate credential IDs against their database.
// This cannot be enforced at the library level.
// Step 18 If the attestation statement attStmt verified successfully and is found to be trustworthy, then
// register the new credential with the account that was denoted in the options.user passed to create(), by
// associating it with the credentialId and credentialPublicKey in the attestedCredentialData in authData, as
// appropriate for the Relying Party's system.
// Step 19. If the attestation statement attStmt successfully verified but is not trustworthy per step 16 above,
// the Relying Party SHOULD fail the registration ceremony.
// Policy validation has been implemented above to handle trust assessment
return clientDataHash, nil
}
// GetAppID takes a AuthenticationExtensions object or nil. It then performs the following checks in order:
//
// 1. Check that the Session Data's AuthenticationExtensions has been provided and if it hasn't return an error.
// 2. Check that the AuthenticationExtensionsClientOutputs contains the extensions output and return an empty string if it doesn't.
// 3. Check that the Credential AttestationType is `fido-u2f` and return an empty string if it isn't.
// 4. Check that the AuthenticationExtensionsClientOutputs contains the appid key and if it doesn't return an empty string.
// 5. Check that the AuthenticationExtensionsClientOutputs appid is a bool and if it isn't return an error.
// 6. Check that the appid output is true and if it isn't return an empty string.
// 7. Check that the Session Data has an appid extension defined and if it doesn't return an error.
// 8. Check that the appid extension in Session Data is a string and if it isn't return an error.
// 9. Return the appid extension value from the Session data.
func (ppkc ParsedPublicKeyCredential) GetAppID(
authExt AuthenticationExtensions,
credentialAttestationType string,
) (appID string, err error) {
var (
value, clientValue any
enableAppID, ok bool
)
if authExt == nil {
return "", nil
}
if ppkc.ClientExtensionResults == nil {
return "", nil
}
// If the credential does not have the correct attestation type it is assumed to NOT be a fido-u2f credential.
// https://www.w3.org/TR/webauthn/#sctn-fido-u2f-attestation
if credentialAttestationType != CredentialTypeFIDOU2F {
return "", nil
}
if clientValue, ok = ppkc.ClientExtensionResults[ExtensionAppID]; !ok {
return "", nil
}
if enableAppID, ok = clientValue.(bool); !ok {
return "", ErrBadRequest.WithDetails("Client Output appid did not have the expected type")
}
if !enableAppID {
return "", nil
}
if value, ok = authExt[ExtensionAppID]; !ok {
return "", ErrBadRequest.WithDetails(
"Session Data does not have an appid but Client Output indicates it should be set",
)
}
if appID, ok = value.(string); !ok {
return "", ErrBadRequest.WithDetails("Session Data appid did not have the expected type")
}
return appID, nil
}
const (
CredentialTypeFIDOU2F = "fido-u2f"
)

367
webauthn/credential_test.go Normal file
View File

@@ -0,0 +1,367 @@
package webauthn
import (
"bytes"
"encoding/base64"
"io"
"testing"
"github.com/stretchr/testify/assert"
"github.com/sonr-io/common/webauthn/webauthncbor"
"github.com/sonr-io/common/webauthn/webauthncose"
)
func TestParseCredentialCreationResponse(t *testing.T) {
type args struct {
responseName string
}
byteID, _ := base64.RawURLEncoding.DecodeString(
"6xrtBhJQW6QU4tOaB4rrHaS2Ks0yDDL_q8jDC16DEjZ-VLVf4kCRkvl2xp2D71sTPYns-exsHQHTy3G-zJRK8g",
)
byteAuthData, _ := base64.RawURLEncoding.DecodeString(
"dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOsa7QYSUFukFOLTmgeK6x2ktirNMgwy_6vIwwtegxI2flS1X-JAkZL5dsadg-9bEz2J7PnsbB0B08txvsyUSvKlAQIDJiABIVggLKF5xS0_BntttUIrm2Z2tgZ4uQDwllbdIfrrBMABCNciWCDHwin8Zdkr56iSIh0MrB5qZiEzYLQpEOREhMUkY6q4Vw",
)
byteRPIDHash, _ := base64.RawURLEncoding.DecodeString(
"dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvA",
)
byteCredentialPubKey, _ := base64.RawURLEncoding.DecodeString(
"pSJYIMfCKfxl2SvnqJIiHQysHmpmITNgtCkQ5ESExSRjqrhXAQIDJiABIVggLKF5xS0_BntttUIrm2Z2tgZ4uQDwllbdIfrrBMABCNc",
)
byteAttObject, _ := base64.RawURLEncoding.DecodeString(
"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjEdKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOsa7QYSUFukFOLTmgeK6x2ktirNMgwy_6vIwwtegxI2flS1X-JAkZL5dsadg-9bEz2J7PnsbB0B08txvsyUSvKlAQIDJiABIVggLKF5xS0_BntttUIrm2Z2tgZ4uQDwllbdIfrrBMABCNciWCDHwin8Zdkr56iSIh0MrB5qZiEzYLQpEOREhMUkY6q4Vw",
)
byteClientDataJSON, _ := base64.RawURLEncoding.DecodeString(
"eyJjaGFsbGVuZ2UiOiJXOEd6RlU4cEdqaG9SYldyTERsYW1BZnFfeTRTMUNaRzFWdW9lUkxBUnJFIiwib3JpZ2luIjoiaHR0cHM6Ly93ZWJhdXRobi5pbyIsInR5cGUiOiJ3ZWJhdXRobi5jcmVhdGUifQ",
)
testCases := []struct {
name string
args args
expected *ParsedCredentialCreationData
errString string
errType string
errDetails string
errInfo string
}{
{
name: "ShouldParseCredentialRequest",
args: args{
responseName: "success",
},
expected: &ParsedCredentialCreationData{
ParsedPublicKeyCredential: ParsedPublicKeyCredential{
ParsedCredential: ParsedCredential{
ID: "6xrtBhJQW6QU4tOaB4rrHaS2Ks0yDDL_q8jDC16DEjZ-VLVf4kCRkvl2xp2D71sTPYns-exsHQHTy3G-zJRK8g",
Type: string(PublicKeyCredentialType),
},
RawID: byteID,
ClientExtensionResults: AuthenticationExtensionsClientOutputs{
"appid": true,
},
AuthenticatorAttachment: Platform,
},
Response: ParsedAttestationResponse{
CollectedClientData: CollectedClientData{
Type: CeremonyType("webauthn.create"),
Challenge: "W8GzFU8pGjhoRbWrLDlamAfq_y4S1CZG1VuoeRLARrE",
Origin: "https://webauthn.io",
},
AttestationObject: AttestationObject{
Format: "none",
RawAuthData: byteAuthData,
AuthData: AuthenticatorData{
RPIDHash: byteRPIDHash,
Counter: 0,
Flags: 0x041,
AttData: AttestedCredentialData{
AAGUID: make([]byte, 16),
CredentialID: byteID,
CredentialPublicKey: byteCredentialPubKey,
},
},
},
Transports: []AuthenticatorTransport{USB, NFC, "fake"},
},
Raw: CredentialCreationResponse{
PublicKeyCredential: PublicKeyCredential{
Credential: Credential{
Type: string(PublicKeyCredentialType),
ID: "6xrtBhJQW6QU4tOaB4rrHaS2Ks0yDDL_q8jDC16DEjZ-VLVf4kCRkvl2xp2D71sTPYns-exsHQHTy3G-zJRK8g",
},
RawID: byteID,
ClientExtensionResults: AuthenticationExtensionsClientOutputs{
"appid": true,
},
AuthenticatorAttachment: "platform",
},
AttestationResponse: AuthenticatorAttestationResponse{
AuthenticatorResponse: AuthenticatorResponse{
ClientDataJSON: byteClientDataJSON,
},
AttestationObject: byteAttObject,
Transports: []string{"usb", "nfc", "fake"},
},
},
},
errString: "",
},
{
name: "ShouldHandleTrailingData",
args: args{
responseName: "trailingData",
},
expected: nil,
errString: "Parse error for Registration",
errType: "invalid_request",
errDetails: "Parse error for Registration",
errInfo: "The body contains trailing data",
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
body := io.NopCloser(
bytes.NewReader([]byte(testCredentialRequestResponses[tc.args.responseName])),
)
actual, err := ParseCredentialCreationResponseBody(body)
if tc.errString != "" {
assert.EqualError(t, err, tc.errString)
AssertIsProtocolError(t, err, tc.errType, tc.errDetails, tc.errInfo)
return
}
assert.Equal(t, tc.expected.ClientExtensionResults, actual.ClientExtensionResults)
assert.Equal(t, tc.expected.ID, actual.ID)
assert.Equal(t, tc.expected.Type, actual.Type)
assert.Equal(t, tc.expected.ParsedCredential, actual.ParsedCredential)
assert.Equal(t, tc.expected.ParsedPublicKeyCredential, actual.ParsedPublicKeyCredential)
assert.Equal(t, tc.expected.ParsedPublicKeyCredential, actual.ParsedPublicKeyCredential)
assert.Equal(t, tc.expected.Raw, actual.Raw)
assert.Equal(t, tc.expected.RawID, actual.RawID)
assert.Equal(t, tc.expected.Response.Transports, actual.Response.Transports)
assert.Equal(
t,
tc.expected.Response.CollectedClientData,
actual.Response.CollectedClientData,
)
assert.Equal(
t,
tc.expected.Response.AttestationObject.AuthData.AttData.CredentialID,
actual.Response.AttestationObject.AuthData.AttData.CredentialID,
)
assert.Equal(
t,
tc.expected.Response.AttestationObject.Format,
actual.Response.AttestationObject.Format,
)
// Unmarshall CredentialPublicKey
var pkExpected, pkActual any
pkBytesExpected := tc.expected.Response.AttestationObject.AuthData.AttData.CredentialPublicKey
assert.NoError(t, webauthncbor.Unmarshal(pkBytesExpected, &pkExpected))
pkBytesActual := actual.Response.AttestationObject.AuthData.AttData.CredentialPublicKey
assert.NoError(t, webauthncbor.Unmarshal(pkBytesActual, &pkActual))
assert.Equal(t, pkExpected, pkActual)
})
}
}
func TestParsedCredentialCreationData_Verify(t *testing.T) {
byteID, _ := base64.RawURLEncoding.DecodeString(
"6xrtBhJQW6QU4tOaB4rrHaS2Ks0yDDL_q8jDC16DEjZ-VLVf4kCRkvl2xp2D71sTPYns-exsHQHTy3G-zJRK8g",
)
byteChallenge, _ := base64.RawURLEncoding.DecodeString(
"W8GzFU8pGjhoRbWrLDlamAfq_y4S1CZG1VuoeRLARrE",
)
byteAuthData, _ := base64.RawURLEncoding.DecodeString(
"dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOsa7QYSUFukFOLTmgeK6x2ktirNMgwy_6vIwwtegxI2flS1X-JAkZL5dsadg-9bEz2J7PnsbB0B08txvsyUSvKlAQIDJiABIVggLKF5xS0_BntttUIrm2Z2tgZ4uQDwllbdIfrrBMABCNciWCDHwin8Zdkr56iSIh0MrB5qZiEzYLQpEOREhMUkY6q4Vw",
)
byteRPIDHash, _ := base64.RawURLEncoding.DecodeString(
"dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvA",
)
byteCredentialPubKey, _ := base64.RawURLEncoding.DecodeString(
"pSJYIMfCKfxl2SvnqJIiHQysHmpmITNgtCkQ5ESExSRjqrhXAQIDJiABIVggLKF5xS0_BntttUIrm2Z2tgZ4uQDwllbdIfrrBMABCNc",
)
byteAttObject, _ := base64.RawURLEncoding.DecodeString(
"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjEdKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOsa7QYSUFukFOLTmgeK6x2ktirNMgwy_6vIwwtegxI2flS1X-JAkZL5dsadg-9bEz2J7PnsbB0B08txvsyUSvKlAQIDJiABIVggLKF5xS0_BntttUIrm2Z2tgZ4uQDwllbdIfrrBMABCNciWCDHwin8Zdkr56iSIh0MrB5qZiEzYLQpEOREhMUkY6q4Vw",
)
byteClientDataJSON, _ := base64.RawURLEncoding.DecodeString(
"eyJjaGFsbGVuZ2UiOiJXOEd6RlU4cEdqaG9SYldyTERsYW1BZnFfeTRTMUNaRzFWdW9lUkxBUnJFIiwib3JpZ2luIjoiaHR0cHM6Ly93ZWJhdXRobi5pbyIsInR5cGUiOiJ3ZWJhdXRobi5jcmVhdGUifQ",
)
type fields struct {
ParsedPublicKeyCredential ParsedPublicKeyCredential
Response ParsedAttestationResponse
Raw CredentialCreationResponse
}
type args struct {
storedChallenge URLEncodedBase64
verifyUser bool
relyingPartyID string
relyingPartyOrigin []string
credParams []CredentialParameter
}
tests := []struct {
name string
fields fields
args args
wantErr bool
}{
{
name: "Successful Verification Test",
fields: fields{
ParsedPublicKeyCredential: ParsedPublicKeyCredential{
ParsedCredential: ParsedCredential{
ID: "6xrtBhJQW6QU4tOaB4rrHaS2Ks0yDDL_q8jDC16DEjZ-VLVf4kCRkvl2xp2D71sTPYns-exsHQHTy3G-zJRK8g",
Type: string(PublicKeyCredentialType),
},
RawID: byteID,
},
Response: ParsedAttestationResponse{
CollectedClientData: CollectedClientData{
Type: CeremonyType("webauthn.create"),
Challenge: "W8GzFU8pGjhoRbWrLDlamAfq_y4S1CZG1VuoeRLARrE",
Origin: "https://webauthn.io",
},
AttestationObject: AttestationObject{
Format: "none",
RawAuthData: byteAuthData,
AuthData: AuthenticatorData{
RPIDHash: byteRPIDHash,
Counter: 0,
Flags: 0x041,
AttData: AttestedCredentialData{
AAGUID: make([]byte, 16),
CredentialID: byteID,
CredentialPublicKey: byteCredentialPubKey,
},
},
},
},
Raw: CredentialCreationResponse{
PublicKeyCredential: PublicKeyCredential{
Credential: Credential{
Type: string(PublicKeyCredentialType),
ID: "6xrtBhJQW6QU4tOaB4rrHaS2Ks0yDDL_q8jDC16DEjZ-VLVf4kCRkvl2xp2D71sTPYns-exsHQHTy3G-zJRK8g",
},
RawID: byteID,
},
AttestationResponse: AuthenticatorAttestationResponse{
AuthenticatorResponse: AuthenticatorResponse{
ClientDataJSON: byteClientDataJSON,
},
AttestationObject: byteAttObject,
},
},
},
args: args{
storedChallenge: URLEncodedBase64(byteChallenge),
verifyUser: false,
relyingPartyID: `webauthn.io`,
relyingPartyOrigin: []string{`https://webauthn.io`},
credParams: []CredentialParameter{
{Type: "public-key", Algorithm: webauthncose.AlgES256},
},
},
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
pcc := &ParsedCredentialCreationData{
ParsedPublicKeyCredential: tt.fields.ParsedPublicKeyCredential,
Response: tt.fields.Response,
Raw: tt.fields.Raw,
}
if _, err := pcc.Verify(tt.args.storedChallenge.String(), tt.args.verifyUser, false, tt.args.relyingPartyID, tt.args.relyingPartyOrigin, nil, TopOriginIgnoreVerificationMode, nil, tt.args.credParams); (err != nil) != tt.wantErr {
t.Errorf(
"ParsedCredentialCreationData.Verify() error = %+v, wantErr %v",
err,
tt.wantErr,
)
}
})
}
}
var testCredentialRequestResponses = map[string]string{
`success`: `
{
"id":"6xrtBhJQW6QU4tOaB4rrHaS2Ks0yDDL_q8jDC16DEjZ-VLVf4kCRkvl2xp2D71sTPYns-exsHQHTy3G-zJRK8g",
"rawId":"6xrtBhJQW6QU4tOaB4rrHaS2Ks0yDDL_q8jDC16DEjZ-VLVf4kCRkvl2xp2D71sTPYns-exsHQHTy3G-zJRK8g",
"type":"public-key",
"authenticatorAttachment":"platform",
"clientExtensionResults":{
"appid":true
},
"response":{
"attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjEdKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOsa7QYSUFukFOLTmgeK6x2ktirNMgwy_6vIwwtegxI2flS1X-JAkZL5dsadg-9bEz2J7PnsbB0B08txvsyUSvKlAQIDJiABIVggLKF5xS0_BntttUIrm2Z2tgZ4uQDwllbdIfrrBMABCNciWCDHwin8Zdkr56iSIh0MrB5qZiEzYLQpEOREhMUkY6q4Vw",
"clientDataJSON":"eyJjaGFsbGVuZ2UiOiJXOEd6RlU4cEdqaG9SYldyTERsYW1BZnFfeTRTMUNaRzFWdW9lUkxBUnJFIiwib3JpZ2luIjoiaHR0cHM6Ly93ZWJhdXRobi5pbyIsInR5cGUiOiJ3ZWJhdXRobi5jcmVhdGUifQ",
"transports":["usb","nfc","fake"]
}
}
`,
`trailingData`: `
{
"id":"6xrtBhJQW6QU4tOaB4rrHaS2Ks0yDDL_q8jDC16DEjZ-VLVf4kCRkvl2xp2D71sTPYns-exsHQHTy3G-zJRK8g",
"rawId":"6xrtBhJQW6QU4tOaB4rrHaS2Ks0yDDL_q8jDC16DEjZ-VLVf4kCRkvl2xp2D71sTPYns-exsHQHTy3G-zJRK8g",
"type":"public-key",
"authenticatorAttachment":"platform",
"clientExtensionResults":{
"appid":true
},
"response":{
"attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjEdKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOsa7QYSUFukFOLTmgeK6x2ktirNMgwy_6vIwwtegxI2flS1X-JAkZL5dsadg-9bEz2J7PnsbB0B08txvsyUSvKlAQIDJiABIVggLKF5xS0_BntttUIrm2Z2tgZ4uQDwllbdIfrrBMABCNciWCDHwin8Zdkr56iSIh0MrB5qZiEzYLQpEOREhMUkY6q4Vw",
"clientDataJSON":"eyJjaGFsbGVuZ2UiOiJXOEd6RlU4cEdqaG9SYldyTERsYW1BZnFfeTRTMUNaRzFWdW9lUkxBUnJFIiwib3JpZ2luIjoiaHR0cHM6Ly93ZWJhdXRobi5pbyIsInR5cGUiOiJ3ZWJhdXRobi5jcmVhdGUifQ",
"transports":["usb","nfc","fake"]
}
}
trailing
`,
`successDeprecatedTransports`: `
{
"id":"6xrtBhJQW6QU4tOaB4rrHaS2Ks0yDDL_q8jDC16DEjZ-VLVf4kCRkvl2xp2D71sTPYns-exsHQHTy3G-zJRK8g",
"rawId":"6xrtBhJQW6QU4tOaB4rrHaS2Ks0yDDL_q8jDC16DEjZ-VLVf4kCRkvl2xp2D71sTPYns-exsHQHTy3G-zJRK8g",
"type":"public-key",
"authenticatorAttachment":"not-valid",
"transports":["usb","nfc","fake"],
"clientExtensionResults":{
"appid":true
},
"response":{
"attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjEdKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOsa7QYSUFukFOLTmgeK6x2ktirNMgwy_6vIwwtegxI2flS1X-JAkZL5dsadg-9bEz2J7PnsbB0B08txvsyUSvKlAQIDJiABIVggLKF5xS0_BntttUIrm2Z2tgZ4uQDwllbdIfrrBMABCNciWCDHwin8Zdkr56iSIh0MrB5qZiEzYLQpEOREhMUkY6q4Vw",
"clientDataJSON":"eyJjaGFsbGVuZ2UiOiJXOEd6RlU4cEdqaG9SYldyTERsYW1BZnFfeTRTMUNaRzFWdW9lUkxBUnJFIiwib3JpZ2luIjoiaHR0cHM6Ly93ZWJhdXRobi5pbyIsInR5cGUiOiJ3ZWJhdXRobi5jcmVhdGUifQ"
}
}
`,
`successDeprecatedTransportsAndNew`: `
{
"id":"6xrtBhJQW6QU4tOaB4rrHaS2Ks0yDDL_q8jDC16DEjZ-VLVf4kCRkvl2xp2D71sTPYns-exsHQHTy3G-zJRK8g",
"rawId":"6xrtBhJQW6QU4tOaB4rrHaS2Ks0yDDL_q8jDC16DEjZ-VLVf4kCRkvl2xp2D71sTPYns-exsHQHTy3G-zJRK8g",
"type":"public-key",
"authenticatorAttachment":"cross-platform",
"transports":["usb","nfc","fake"],
"clientExtensionResults":{
"appid":true
},
"response":{
"attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjEdKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOsa7QYSUFukFOLTmgeK6x2ktirNMgwy_6vIwwtegxI2flS1X-JAkZL5dsadg-9bEz2J7PnsbB0B08txvsyUSvKlAQIDJiABIVggLKF5xS0_BntttUIrm2Z2tgZ4uQDwllbdIfrrBMABCNciWCDHwin8Zdkr56iSIh0MrB5qZiEzYLQpEOREhMUkY6q4Vw",
"clientDataJSON":"eyJjaGFsbGVuZ2UiOiJXOEd6RlU4cEdqaG9SYldyTERsYW1BZnFfeTRTMUNaRzFWdW9lUkxBUnJFIiwib3JpZ2luIjoiaHR0cHM6Ly93ZWJhdXRobi5pbyIsInR5cGUiOiJ3ZWJhdXRobi5jcmVhdGUifQ",
"transports":["usb","nfc"]
}
}
`,
}

40
webauthn/decoder.go Normal file
View File

@@ -0,0 +1,40 @@
package webauthn
import (
"bytes"
"encoding/json"
"errors"
"io"
)
func decodeBody(body io.Reader, v any) (err error) {
decoder := json.NewDecoder(body)
if err = decoder.Decode(v); err != nil {
return err
}
_, err = decoder.Token()
if !errors.Is(err, io.EOF) {
return errors.New("The body contains trailing data")
}
return nil
}
func decodeBytes(data []byte, v any) (err error) {
decoder := json.NewDecoder(bytes.NewReader(data))
if err = decoder.Decode(v); err != nil {
return err
}
_, err = decoder.Token()
if !errors.Is(err, io.EOF) {
return errors.New("The body contains trailing data")
}
return nil
}

8
webauthn/doc.go Normal file
View File

@@ -0,0 +1,8 @@
// Package webauthn contains data structures and validation functionality
// outlined in the Web Authentication specification (https://www.w3.org/TR/webauthn).
// The data structures here attempt to conform as much as possible to their definitions,
// but some structs (like those that are used as part of validation steps) contain
// additional fields that help us unpack and validate the data we unmarshall.
// When implementing this library, most developers will primarily be using the API
// outlined in the webauthn package.
package webauthn

46
webauthn/entities.go Normal file
View File

@@ -0,0 +1,46 @@
package webauthn
// CredentialEntity represents the PublicKeyCredentialEntity IDL and it describes a user account, or a WebAuthn Relying
// Party with which a public key credential is associated.
//
// Specification: §5.4.1. Public Key Entity Description (https://www.w3.org/TR/webauthn/#dictionary-pkcredentialentity)
type CredentialEntity struct {
// A human-palatable name for the entity. Its function depends on what the PublicKeyCredentialEntity represents:
//
// When inherited by PublicKeyCredentialRpEntity it is a human-palatable identifier for the Relying Party,
// intended only for display. For example, "ACME Corporation", "Wonderful Widgets, Inc." or "ОАО Примертех".
//
// When inherited by PublicKeyCredentialUserEntity, it is a human-palatable identifier for a user account. It is
// intended only for display, i.e., aiding the user in determining the difference between user accounts with similar
// displayNames. For example, "alexm", "alex.p.mueller@example.com" or "+14255551234".
Name string `json:"name"`
}
// The RelyingPartyEntity represents the PublicKeyCredentialRpEntity IDL and is used to supply additional Relying Party
// attributes when creating a new credential.
//
// Specification: §5.4.2. Relying Party Parameters for Credential Generation (https://www.w3.org/TR/webauthn/#dictionary-rp-credential-params)
type RelyingPartyEntity struct {
CredentialEntity
// A unique identifier for the Relying Party entity, which sets the RP ID.
ID string `json:"id"`
}
// The UserEntity represents the PublicKeyCredentialUserEntity IDL and is used to supply additional user account
// attributes when creating a new credential.
//
// Specification: §5.4.3 User Account Parameters for Credential Generation (https://www.w3.org/TR/webauthn/#dictdef-publickeycredentialuserentity)
type UserEntity struct {
CredentialEntity
// A human-palatable name for the user account, intended only for display.
// For example, "Alex P. Müller" or "田中 倫". The Relying Party SHOULD let
// the user choose this, and SHOULD NOT restrict the choice more than necessary.
DisplayName string `json:"displayName"`
// ID is the user handle of the user account entity. To ensure secure operation,
// authentication and authorization decisions MUST be made on the basis of this id
// member, not the displayName nor name members. See Section 6.1 of
// [RFC8266](https://www.w3.org/TR/webauthn/#biblio-rfc8266).
ID any `json:"id"`
}

107
webauthn/errors.go Normal file
View File

@@ -0,0 +1,107 @@
package webauthn
type Error struct {
// Short name for the type of error that has occurred.
Type string `json:"type"`
// Additional details about the error.
Details string `json:"error"`
// Information to help debug the error.
DevInfo string `json:"debug"`
// Inner error.
Err error `json:"-"`
}
func (e *Error) Error() string {
return e.Details
}
func (e *Error) Unwrap() error {
return e.Err
}
func (e *Error) WithDetails(details string) *Error {
err := *e
err.Details = details
return &err
}
func (e *Error) WithInfo(info string) *Error {
err := *e
err.DevInfo = info
return &err
}
func (e *Error) WithError(err error) *Error {
errCopy := *e
errCopy.Err = err
return &errCopy
}
var (
ErrBadRequest = &Error{
Type: "invalid_request",
Details: "Error reading the request data",
}
ErrChallengeMismatch = &Error{
Type: "challenge_mismatch",
Details: "Stored challenge and received challenge do not match",
}
ErrParsingData = &Error{
Type: "parse_error",
Details: "Error parsing the authenticator response",
}
ErrAuthData = &Error{
Type: "auth_data",
Details: "Error verifying the authenticator data",
}
ErrVerification = &Error{
Type: "verification_error",
Details: "Error validating the authenticator response",
}
ErrAttestation = &Error{
Type: "attestation_error",
Details: "Error validating the attestation data provided",
}
ErrInvalidAttestation = &Error{
Type: "invalid_attestation",
Details: "Invalid attestation data",
}
ErrMetadata = &Error{
Type: "invalid_metadata",
Details: "",
}
ErrAttestationFormat = &Error{
Type: "invalid_attestation",
Details: "Invalid attestation format",
}
ErrAttestationCertificate = &Error{
Type: "invalid_certificate",
Details: "Invalid attestation certificate",
}
ErrAssertionSignature = &Error{
Type: "invalid_signature",
Details: "Assertion Signature against auth data and client hash is not valid",
}
ErrUnsupportedKey = &Error{
Type: "invalid_key_type",
Details: "Unsupported Public Key Type",
}
ErrUnsupportedAlgorithm = &Error{
Type: "unsupported_key_algorithm",
Details: "Unsupported public key algorithm",
}
ErrNotSpecImplemented = &Error{
Type: "spec_unimplemented",
Details: "This field is not yet supported by the WebAuthn spec",
}
ErrNotImplemented = &Error{
Type: "not_implemented",
Details: "This field is not yet supported by this library",
}
)

13
webauthn/extensions.go Normal file
View File

@@ -0,0 +1,13 @@
package webauthn
// Extensions are discussed in §9. WebAuthn Extensions (https://www.w3.org/TR/webauthn/#extensions).
// For a list of commonly supported extensions, see §10. Defined Extensions
// (https://www.w3.org/TR/webauthn/#sctn-defined-extensions).
type AuthenticationExtensionsClientOutputs map[string]any
const (
ExtensionAppID = "appid"
ExtensionAppIDExclude = "appidExclude"
)

19
webauthn/func_test.go Normal file
View File

@@ -0,0 +1,19 @@
package webauthn
import (
"errors"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func AssertIsProtocolError(t *testing.T, err error, errType, errDetails, errInfo string) {
var e *Error
require.True(t, errors.As(err, &e))
assert.Equal(t, errType, e.Type)
assert.Equal(t, errDetails, e.Details)
assert.Equal(t, errInfo, e.DevInfo)
}

166
webauthn/metadata.go Normal file
View File

@@ -0,0 +1,166 @@
package webauthn
import (
"context"
"crypto/x509"
"fmt"
"github.com/google/uuid"
"github.com/sonr-io/common/webauthn/metadata"
)
func ValidateMetadata(
ctx context.Context,
mds metadata.Provider,
aaguid uuid.UUID,
attestationType string,
x5cs []any,
) (protoErr *Error) {
if mds == nil {
return nil
}
var (
entry *metadata.Entry
err error
)
if entry, err = mds.GetEntry(ctx, aaguid); err != nil {
return ErrMetadata.WithInfo(
fmt.Sprintf(
"Failed to validate authenticator metadata for Authenticator Attestation GUID '%s'. Error occurred retreiving the metadata entry: %+v",
aaguid,
err,
),
)
}
if entry == nil {
if aaguid == uuid.Nil && mds.GetValidateEntryPermitZeroAAGUID(ctx) {
return nil
}
if mds.GetValidateEntry(ctx) {
return ErrMetadata.WithInfo(
fmt.Sprintf(
"Failed to validate authenticator metadata for Authenticator Attestation GUID '%s'. The authenticator has no registered metadata.",
aaguid,
),
)
}
return nil
}
if attestationType != "" && mds.GetValidateAttestationTypes(ctx) {
found := false
for _, atype := range entry.MetadataStatement.AttestationTypes {
if string(atype) == attestationType {
found = true
break
}
}
if !found {
return ErrMetadata.WithInfo(
fmt.Sprintf(
"Failed to validate authenticator metadata for Authenticator Attestation GUID '%s'. The attestation type '%s' is not known to be used by this authenticator.",
aaguid.String(),
attestationType,
),
)
}
}
if mds.GetValidateStatus(ctx) {
if err = mds.ValidateStatusReports(ctx, entry.StatusReports); err != nil {
return ErrMetadata.WithInfo(
fmt.Sprintf(
"Failed to validate authenticator metadata for Authenticator Attestation GUID '%s'. Error occurred validating the authenticator status: %+v",
aaguid,
err,
),
)
}
}
if mds.GetValidateTrustAnchor(ctx) {
if len(x5cs) == 0 {
return nil
}
var (
x5c, parsed *x509.Certificate
x5cis []*x509.Certificate
raw []byte
ok bool
)
for i, x5cAny := range x5cs {
if raw, ok = x5cAny.([]byte); !ok {
return ErrMetadata.WithDetails(fmt.Sprintf("Failed to parse attestation certificate from x5c during attestation validation for Authenticator Attestation GUID '%s'.", aaguid)).
WithInfo(fmt.Sprintf("The %s certificate in the attestation was type '%T' but '[]byte' was expected", loopOrdinalNumber(i), x5cAny))
}
if parsed, err = x509.ParseCertificate(raw); err != nil {
return ErrMetadata.WithDetails(fmt.Sprintf("Failed to parse attestation certificate from x5c during attestation validation for Authenticator Attestation GUID '%s'.", aaguid)).
WithInfo(fmt.Sprintf("Error returned from x509.ParseCertificate: %+v", err)).
WithError(err)
}
if x5c == nil {
x5c = parsed
} else {
x5cis = append(x5cis, parsed)
}
}
if attestationType == string(metadata.AttCA) {
if protoErr = tpmParseAIKAttCA(x5c, x5cis); protoErr != nil {
return ErrMetadata.WithDetails(protoErr.Details).
WithInfo(protoErr.DevInfo).
WithError(protoErr)
}
}
if x5c != nil && x5c.Subject.CommonName != x5c.Issuer.CommonName {
if !entry.MetadataStatement.AttestationTypes.HasBasicFull() {
return ErrMetadata.WithDetails(
fmt.Sprintf(
"Failed to validate attestation statement signature during attestation validation for Authenticator Attestation GUID '%s'. Attestation was provided in the full format but the authenticator doesn't support the full attestation format.",
aaguid,
),
)
}
if _, err = x5c.Verify(entry.MetadataStatement.Verifier(x5cis)); err != nil {
return ErrMetadata.WithDetails(fmt.Sprintf("Failed to validate attestation statement signature during attestation validation for Authenticator Attestation GUID '%s'. The attestation certificate could not be verified due to an error validating the trust chain against the Metadata Service.", aaguid)).
WithError(err)
}
}
}
return nil
}
func loopOrdinalNumber(n int) string {
n++
if n > 9 && n < 20 {
return fmt.Sprintf("%dth", n)
}
switch n % 10 {
case 1:
return fmt.Sprintf("%dst", n)
case 2:
return fmt.Sprintf("%dnd", n)
case 3:
return fmt.Sprintf("%drd", n)
default:
return fmt.Sprintf("%dth", n)
}
}

35
webauthn/metadata/const.go Normal file
View File

@@ -0,0 +1,35 @@
package metadata
const (
// https://secure.globalsign.com/cacert/root-r3.crt
ProductionMDSRoot = "MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpHWD9f"
// Production MDS URL
ProductionMDSURL = "https://mds.fidoalliance.org"
// https://mds3.fido.tools/pki/MDS3ROOT.crt
ConformanceMDSRoot = "MIICaDCCAe6gAwIBAgIPBCqih0DiJLW7+UHXx/o1MAoGCCqGSM49BAMDMGcxCzAJBgNVBAYTAlVTMRYwFAYDVQQKDA1GSURPIEFsbGlhbmNlMScwJQYDVQQLDB5GQUtFIE1ldGFkYXRhIDMgQkxPQiBST09UIEZBS0UxFzAVBgNVBAMMDkZBS0UgUm9vdCBGQUtFMB4XDTE3MDIwMTAwMDAwMFoXDTQ1MDEzMTIzNTk1OVowZzELMAkGA1UEBhMCVVMxFjAUBgNVBAoMDUZJRE8gQWxsaWFuY2UxJzAlBgNVBAsMHkZBS0UgTWV0YWRhdGEgMyBCTE9CIFJPT1QgRkFLRTEXMBUGA1UEAwwORkFLRSBSb290IEZBS0UwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASKYiz3YltC6+lmxhPKwA1WFZlIqnX8yL5RybSLTKFAPEQeTD9O6mOz+tg8wcSdnVxHzwnXiQKJwhrav70rKc2ierQi/4QUrdsPes8TEirZOkCVJurpDFbXZOgs++pa4XmjYDBeMAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQGcfeCs0Y8D+lh6U5B2xSrR74eHTAfBgNVHSMEGDAWgBQGcfeCs0Y8D+lh6U5B2xSrR74eHTAKBggqhkjOPQQDAwNoADBlAjEA/xFsgri0xubSa3y3v5ormpPqCwfqn9s0MLBAtzCIgxQ/zkzPKctkiwoPtDzI51KnAjAmeMygX2S5Ht8+e+EQnezLJBJXtnkRWY+Zt491wgt/AwSs5PHHMv5QgjELOuMxQBc="
// Example from https://fidoalliance.org/specs/mds/fido-metadata-service-v3.1-ps-20250521.html#sctn-examples
ExampleMDSRoot = "MIIGGTCCBAGgAwIBAgIUdT9qLX0sVMRe8l0sLmHd3mZovQ0wDQYJKoZIhvcNAQELBQAwgZsxHzAdBgNVBAMMFkVYQU1QTEUgTURTMyBURVNUIFJPT1QxIjAgBgkqhkiG9w0BCQEWE2V4YW1wbGVAZXhhbXBsZS5jb20xFDASBgNVBAoMC0V4YW1wbGUgT1JHMRAwDgYDVQQLDAdFeGFtcGxlMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTVkxEjAQBgNVBAcMCVdha2VmaWVsZDAeFw0yMTA0MTkxMTM1MDdaFw00ODA5MDQxMTM1MDdaMIGbMR8wHQYDVQQDDBZFWEFNUExFIE1EUzMgVEVTVCBST09UMSIwIAYJKoZIhvcNAQkBFhNleGFtcGxlQGV4YW1wbGUuY29tMRQwEgYDVQQKDAtFeGFtcGxlIE9SRzEQMA4GA1UECwwHRXhhbXBsZTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk1ZMRIwEAYDVQQHDAlXYWtlZmllbGQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDDjF5wyEWuhwDHsZosGdGFTCcI677rW881vV+UfW38J+K2ioFFNeGVsxbcebK6AVOiCDPFj0974IpeD9SFOhwAHoDu/LCfXdQWp8ZgQ91ULYWoW8o7NNSp01nbN9zmaO6/xKNCa0bzjmXoGqglqnP1AtRcWYvXOSKZy1rcPeDv4Dhcpdp6W72fBw0eWIqOhsrItuY2/N8ItBPiG03EX72nACq4nZJ/nAIcUbER8STSFPPzvE97TvShsi1FD8aO6l1WkR/QkreAGjMI++GbB2Qc1nN9Y/VEDbMDhQtxXQRdpFwubTjejkN9hKOtF3B71YrwIrng3V9RoPMFdapWMzSlI+WWHog0oTj1PqwJDDg7+z1I6vSDeVWAMKr9mq1w1OGNzgBopIjd9lRWkRtt2kQSPX9XxqS4E1gDDr8MKbpM3JuubQtNCg9D7Ljvbz6vwvUrbPHH+oREvucsp0PZ5PpizloepGIcLFxDQqCulGY2n7Ahl0JOFXJqOFCaK3TWHwBvZsaY5DgBuUvdUrwtgZNg2eg2omWXEepiVFQn3Fvj43Wh2npPMgIe5P0rwncXvROxaczd4rtajKS1ucoB9b9iKqM2+M1y/FDIgVf1fWEHwK7YdzxMlgOeLdeV/kqRU5PEUlLU9a2EwdOErrPbPKZmIfbs/L4B3k4zejMDH3Y+ZwIDAQABo1MwUTAdBgNVHQ4EFgQU8sWwq1TrurK7xMTwO1dKfeJBbCMwHwYDVR0jBBgwFoAU8sWwq1TrurK7xMTwO1dKfeJBbCMwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFw6M1PiIfCPIBQ5EBUPNmRvRFuDpolOmDofnf/+mv63LqwQZAdo/W8tzZ9kOFhq24SiLw0H7fsdG/jeREXiIZMNoW/rA6Uac8sU+FYF7Q+qp6CQLlSQbDcpVMifTQjcBk2xh+aLK9SrrXBqnTAhwS+offGtAW8DpoLuH4tAcQmIjlgMlN65jnELCuqNR/wpA+zch8LZW8saQ2cwRCwdr8mAzZoLbsDSVCHxQF3/kQjPT7Nao1q2iWcY3OYcRmKrieHDP67yeLUbVmetfZis2d6ZlkqHLB4ZW1xX4otsEFkuTJA3HWDRsNyhTwx1YoCLsYut5Zp0myqPNBq28w6qGMyyoJN0Z4RzMEO3R6i/MQNfhK55/8O2HciM6xb5t/aBSuHPKlBDrFWhpRnKYkaNtlUo35qV5IbKGKau3SdZdSRciaXUd/p81YmoF01UlhhMz/Rqr1k2gyA0a9tF8+awCeanYt5izl8YO0FlrOU1SQ5UQw4szqqZqbrf4e8fRuU2TXNx4zk+ImE7WRB44f6mSD746ZCBRogZ/SA5jUBu+OPe4/sEtERWRcQD+fXgce9ZEN0+peyJIKAsl5Rm2Bmgyg5IoyWwSG5W+WekGyEokpslou2Yc6EjUj5ndZWz5EiHAiQ74hNfDoCZIxVVLU3Qbp8a0S1bmsoT2JOsspIbtZUg="
)
const (
HeaderX509URI = "x5u"
HeaderX509Certificate = "x5c"
)
var (
errIntermediateCertRevoked = &Error{
Type: "intermediate_revoked",
Details: "Intermediate certificate is on issuers revocation list",
}
errLeafCertRevoked = &Error{
Type: "leaf_revoked",
Details: "Leaf certificate is on issuers revocation list",
}
errCRLUnavailable = &Error{
Type: "crl_unavailable",
Details: "Certificate revocation list is unavailable",
}
)

299
webauthn/metadata/decode.go Normal file
View File

@@ -0,0 +1,299 @@
package metadata
import (
"crypto/x509"
"encoding/base64"
"errors"
"fmt"
"io"
"net/http"
"strings"
"time"
"github.com/golang-jwt/jwt/v5"
"github.com/mitchellh/mapstructure"
"github.com/sonr-io/common/webauthn/revoke"
)
// NewDecoder returns a new metadata decoder.
func NewDecoder(opts ...DecoderOption) (decoder *Decoder, err error) {
decoder = &Decoder{
client: &http.Client{},
parser: jwt.NewParser(),
hook: mapstructure.ComposeDecodeHookFunc(),
}
for _, opt := range opts {
if err = opt(decoder); err != nil {
return nil, fmt.Errorf("failed to apply decoder option: %w", err)
}
}
if decoder.root == "" {
decoder.root = ProductionMDSRoot
}
return decoder, nil
}
// Decoder handles decoding and specialized parsing of the metadata blob.
type Decoder struct {
client *http.Client
parser *jwt.Parser
hook mapstructure.DecodeHookFunc
root string
ignoreEntryParsingErrors bool
}
// Parse handles parsing of the raw JSON values of the metadata blob. Should be used after using [Decoder.Decode] or
// [Decoder.DecodeBytes].
func (d *Decoder) Parse(payload *PayloadJSON) (metadata *Metadata, err error) {
metadata = &Metadata{
Parsed: Parsed{
LegalHeader: payload.LegalHeader,
Number: payload.Number,
},
}
if metadata.Parsed.NextUpdate, err = time.Parse(time.DateOnly, payload.NextUpdate); err != nil {
return nil, fmt.Errorf(
"error occurred parsing next update value '%s': %w",
payload.NextUpdate,
err,
)
}
var parsed Entry
for _, entry := range payload.Entries {
if parsed, err = entry.Parse(); err != nil {
metadata.Unparsed = append(metadata.Unparsed, EntryError{
Error: err,
EntryJSON: entry,
})
continue
}
metadata.Parsed.Entries = append(metadata.Parsed.Entries, parsed)
}
if n := len(metadata.Unparsed); n != 0 && !d.ignoreEntryParsingErrors {
return metadata, fmt.Errorf(
"error occurred parsing metadata: %d entries had errors during parsing",
n,
)
}
return metadata, nil
}
// Decode the blob from an [io.Reader]. This function will close the [io.ReadCloser] after completing.
func (d *Decoder) Decode(r io.Reader) (payload *PayloadJSON, err error) {
bytes, err := io.ReadAll(r)
if err != nil {
return nil, err
}
return d.DecodeBytes(bytes)
}
// DecodeBytes handles decoding raw bytes. If you have a read closer it's suggested to use [Decoder.Decode].
func (d *Decoder) DecodeBytes(bytes []byte) (payload *PayloadJSON, err error) {
var token *jwt.Token
if token, err = d.parser.Parse(string(bytes), func(token *jwt.Token) (any, error) {
// 2. If the x5u attribute is present in the JWT Header, then
if _, ok := token.Header[HeaderX509URI].([]any); ok {
// never seen an x5u here, although it is in the spec
return nil, errors.New("x5u encountered in header of metadata TOC payload")
}
// 3. If the x5u attribute is missing, the chain should be retrieved from the x5c attribute.
var (
x5c, chain []any
ok, valid bool
)
if x5c, ok = token.Header[HeaderX509Certificate].([]any); !ok {
// If that attribute is missing as well, Metadata TOC signing trust anchor is considered the TOC signing certificate chain.
chain = []any{d.root}
} else {
chain = x5c
}
// The certificate chain MUST be verified to properly chain to the metadata TOC signing trust anchor.
if valid, err = validateChain(d.root, chain); !valid || err != nil {
return nil, err
}
// Chain validated, extract the TOC signing certificate from the chain. Create a buffer large enough to hold the
// certificate bytes.
o := make([]byte, base64.StdEncoding.DecodedLen(len(chain[0].(string))))
var (
n int
cert *x509.Certificate
)
// Decode the base64 certificate into the buffer.
if n, err = base64.StdEncoding.Decode(o, []byte(chain[0].(string))); err != nil {
return nil, err
}
// Parse the certificate from the buffer.
if cert, err = x509.ParseCertificate(o[:n]); err != nil {
return nil, err
}
// 4. Verify the signature of the Metadata TOC object using the TOC signing certificate chain
// jwt.Parse() uses the TOC signing certificate public key internally to verify the signature.
return cert.PublicKey, err
}); err != nil {
return nil, err
}
var decoder *mapstructure.Decoder
payload = &PayloadJSON{}
if decoder, err = mapstructure.NewDecoder(&mapstructure.DecoderConfig{
Metadata: nil,
Result: payload,
DecodeHook: d.hook,
TagName: "json",
}); err != nil {
return nil, err
}
if err = decoder.Decode(token.Claims); err != nil {
return payload, err
}
return payload, nil
}
// DecoderOption is a representation of a function that can set options within a decoder.
type DecoderOption func(decoder *Decoder) (err error)
// WithIgnoreEntryParsingErrors is a DecoderOption which ignores errors when parsing individual entries. The values for
// these entries will exist as an unparsed entry.
func WithIgnoreEntryParsingErrors() DecoderOption {
return func(decoder *Decoder) (err error) {
decoder.ignoreEntryParsingErrors = true
return nil
}
}
// WithRootCertificate overrides the root certificate used to validate the authenticity of the metadata payload.
func WithRootCertificate(value string) DecoderOption {
return func(decoder *Decoder) (err error) {
decoder.root = value
return nil
}
}
func validateChain(root string, chain []any) (bool, error) {
oRoot := make([]byte, base64.StdEncoding.DecodedLen(len(root)))
nRoot, err := base64.StdEncoding.Decode(oRoot, []byte(root))
if err != nil {
return false, err
}
rootcert, err := x509.ParseCertificate(oRoot[:nRoot])
if err != nil {
return false, err
}
roots := x509.NewCertPool()
roots.AddCert(rootcert)
o := make([]byte, base64.StdEncoding.DecodedLen(len(chain[1].(string))))
n, err := base64.StdEncoding.Decode(o, []byte(chain[1].(string)))
if err != nil {
return false, err
}
intcert, err := x509.ParseCertificate(o[:n])
if err != nil {
return false, err
}
if revoked, ok := revoke.VerifyCertificate(intcert); !ok {
issuer := intcert.IssuingCertificateURL
if issuer != nil {
return false, errCRLUnavailable
}
} else if revoked {
return false, errIntermediateCertRevoked
}
ints := x509.NewCertPool()
ints.AddCert(intcert)
l := make([]byte, base64.StdEncoding.DecodedLen(len(chain[0].(string))))
n, err = base64.StdEncoding.Decode(l, []byte(chain[0].(string)))
if err != nil {
return false, err
}
leafcert, err := x509.ParseCertificate(l[:n])
if err != nil {
return false, err
}
if revoked, ok := revoke.VerifyCertificate(leafcert); !ok {
return false, errCRLUnavailable
} else if revoked {
return false, errLeafCertRevoked
}
opts := x509.VerifyOptions{
Roots: roots,
Intermediates: ints,
}
_, err = leafcert.Verify(opts)
return err == nil, err
}
func mdsParseX509Certificate(value string) (certificate *x509.Certificate, err error) {
var n int
raw := make([]byte, base64.StdEncoding.DecodedLen(len(value)))
if n, err = base64.StdEncoding.Decode(raw, []byte(strings.TrimSpace(value))); err != nil {
return nil, fmt.Errorf(
"error occurred parsing *x509.certificate: error occurred decoding base64 data: %w",
err,
)
}
if certificate, err = x509.ParseCertificate(raw[:n]); err != nil {
return nil, err
}
return certificate, nil
}
func mdsParseTimePointer(format, value string) (parsed *time.Time, err error) {
if value == "" {
return nil, nil
}
var p time.Time
if p, err = time.Parse(format, value); err != nil {
return nil, err
}
return &p, nil
}

2
webauthn/metadata/doc.go Normal file
View File

@@ -0,0 +1,2 @@
// Package metadata handles metadata validation instrumentation.
package metadata

1123
webauthn/metadata/metadata.go Normal file
View File

File diff suppressed because it is too large Load Diff

431
webauthn/metadata/metadata_test.go Normal file
View File

File diff suppressed because one or more lines are too long

16
webauthn/metadata/passkey_authenticator.go Normal file
View File

@@ -0,0 +1,16 @@
package metadata
// PasskeyAuthenticator is a type that represents the schema from the Passkey Developer AAGUID listing.
//
// See: https://github.com/passkeydeveloper/passkey-authenticator-aaguids
type PasskeyAuthenticator map[string]PassKeyAuthenticatorAAGUID
// PassKeyAuthenticatorAAGUID is a type that represents the individual schema entry from the Passkey Developer AAGUID
// listing. Used with [PasskeyAuthenticator].
//
// See: https://github.com/passkeydeveloper/passkey-authenticator-aaguids
type PassKeyAuthenticatorAAGUID struct {
Name string `json:"name"`
IconDark string `json:"icon_dark,omitempty"`
IconLight string `json:"icon_light,omitempty"`
}

8
webauthn/metadata/providers/cached/doc.go Normal file
View File

@@ -0,0 +1,8 @@
// Package cached handles a [metadata.Provider] implementation that both downloads and caches the MDS3 blob. This
// effectively is the recommended provider in most instances as it's fairly robust. Alternatively we suggest
// implementing a similar provider that leverages the [memory.Provider] as an underlying element.
//
// This provider only specifically performs updates at the time it's initialized. It has no automatic update
// functionality. This may change in the future however if you want this functionality at this time we recommend making
// your own implementation.
package cached

92
webauthn/metadata/providers/cached/options.go Normal file
View File

@@ -0,0 +1,92 @@
package cached
import (
"net/http"
"net/url"
"github.com/sonr-io/common/webauthn/metadata"
)
// Option describes an optional pattern for this provider.
type Option func(provider *Provider) (err error)
// NewFunc describes the type used to create the underlying provider.
type NewFunc func(mds *metadata.Metadata) (provider metadata.Provider, err error)
// WithPath sets the path name for the cached file. This option is REQUIRED.
func WithPath(name string) Option {
return func(provider *Provider) (err error) {
provider.name = name
return nil
}
}
// WithUpdate is used to enable or disable the update. By default it's set to true.
func WithUpdate(update bool) Option {
return func(provider *Provider) (err error) {
provider.update = update
return nil
}
}
// WithForceUpdate is used to force an update on creation. This will forcibly overwrite the file if possible.
func WithForceUpdate(force bool) Option {
return func(provider *Provider) (err error) {
provider.force = force
return nil
}
}
// WithNew customizes the NewFunc. By default we just create a fairly standard [memory.Provider] with strict defaults.
func WithNew(newup NewFunc) Option {
return func(provider *Provider) (err error) {
provider.newup = newup
return nil
}
}
// WithDecoder sets the decoder to be used for this provider. By default this is a decoder with the entry parsing errors
// configured to skip that entry.
func WithDecoder(decoder *metadata.Decoder) Option {
return func(provider *Provider) (err error) {
provider.decoder = decoder
return nil
}
}
// WithMetadataURL configures the URL to get the metadata from. This shouldn't be modified unless you know what you're
// doing as we use the [metadata.ProductionMDSURL] which is safe in most instances.
func WithMetadataURL(uri string) Option {
return func(provider *Provider) (err error) {
if _, err = url.ParseRequestURI(uri); err != nil {
return err
}
provider.uri = uri
return nil
}
}
// WithClient configures the [*http.Client] used to get the MDS3 blob.
func WithClient(client *http.Client) Option {
return func(provider *Provider) (err error) {
provider.client = client
return nil
}
}
// WithClock allows injection of a [metadata.Clock] to check the up-to-date status of a blob.
func WithClock(clock metadata.Clock) Option {
return func(provider *Provider) (err error) {
provider.clock = clock
return nil
}
}

148
webauthn/metadata/providers/cached/provider.go Normal file
View File

@@ -0,0 +1,148 @@
package cached
import (
"fmt"
"io"
"net/http"
"os"
"github.com/sonr-io/common/webauthn/metadata"
)
// New returns a new cached Provider given a set of functional [Option]'s. This provider will download a new version and
// save it to the configured file path if it doesn't exist or if it's out of date by default.
func New(opts ...Option) (provider metadata.Provider, err error) {
p := &Provider{
update: true,
uri: metadata.ProductionMDSURL,
}
for _, opt := range opts {
if err = opt(p); err != nil {
return nil, err
}
}
if p.name == "" {
return nil, fmt.Errorf(
"provider configured without setting a path for the cached file blob",
)
}
if p.newup == nil {
p.newup = defaultNew
}
if p.decoder == nil {
if p.decoder, err = metadata.NewDecoder(metadata.WithIgnoreEntryParsingErrors()); err != nil {
return nil, err
}
}
if p.clock == nil {
p.clock = &metadata.RealClock{}
}
if err = p.init(); err != nil {
return nil, err
}
return p, nil
}
// Provider implements a [metadata.Provider] with a file-based cache.
type Provider struct {
metadata.Provider
name string
uri string
update bool
force bool
clock metadata.Clock
client *http.Client
decoder *metadata.Decoder
newup NewFunc
}
func (p *Provider) init() (err error) {
var (
f *os.File
rc io.ReadCloser
created bool
mds *metadata.Metadata
)
if f, created, err = doOpenOrCreate(p.name); err != nil {
return err
}
defer f.Close()
if created || p.force {
if rc, err = p.get(); err != nil {
return err
}
} else {
if mds, err = p.parse(f); err != nil {
return err
}
if p.outdated(mds) {
if rc, err = p.get(); err != nil {
return err
}
}
}
if rc != nil {
if err = doTruncateCopyAndSeekStart(f, rc); err != nil {
return err
}
if mds, err = p.parse(f); err != nil {
return err
}
}
var provider metadata.Provider
if provider, err = p.newup(mds); err != nil {
return err
}
p.Provider = provider
return nil
}
func (p *Provider) parse(rc io.ReadCloser) (data *metadata.Metadata, err error) {
var payload *metadata.PayloadJSON
if payload, err = p.decoder.Decode(rc); err != nil {
return nil, err
}
if data, err = p.decoder.Parse(payload); err != nil {
return nil, err
}
return data, nil
}
func (p *Provider) outdated(mds *metadata.Metadata) bool {
return p.update && p.clock.Now().After(mds.Parsed.NextUpdate)
}
func (p *Provider) get() (f io.ReadCloser, err error) {
if p.client == nil {
p.client = &http.Client{}
}
var res *http.Response
if res, err = p.client.Get(p.uri); err != nil {
return nil, err
}
return res.Body, nil
}

51
webauthn/metadata/providers/cached/util.go Normal file
View File

@@ -0,0 +1,51 @@
package cached
import (
"io"
"os"
"github.com/sonr-io/common/webauthn/metadata"
"github.com/sonr-io/common/webauthn/metadata/providers/memory"
)
func doTruncateCopyAndSeekStart(f *os.File, rc io.ReadCloser) (err error) {
if err = f.Truncate(0); err != nil {
return err
}
if _, err = io.Copy(f, rc); err != nil {
return err
}
if _, err = f.Seek(0, io.SeekStart); err != nil {
return err
}
return rc.Close()
}
func doOpenOrCreate(name string) (f *os.File, created bool, err error) {
if f, err = os.OpenFile(name, os.O_RDWR, 0); err == nil {
return f, false, nil
}
if os.IsNotExist(err) {
if f, err = os.Create(name); err != nil {
return nil, false, err
}
return f, true, nil
}
return nil, false, err
}
func defaultNew(mds *metadata.Metadata) (provider metadata.Provider, err error) {
return memory.New(
memory.WithMetadata(mds.ToMap()),
memory.WithValidateEntry(true),
memory.WithValidateEntryPermitZeroAAGUID(false),
memory.WithValidateTrustAnchor(true),
memory.WithValidateStatus(true),
)
}

4
webauthn/metadata/providers/memory/doc.go Normal file
View File

@@ -0,0 +1,4 @@
// Package memory handles a [metadata.Provider] implementation that solely exists in memory. It's intended as a basis
// for other providers and generally not recommended to use directly unless you're implementing your own logic to handle
// the download and potential caching of the MDS3 blob yourself.
package memory

90
webauthn/metadata/providers/memory/options.go Normal file
View File

@@ -0,0 +1,90 @@
package memory
import (
"github.com/google/uuid"
"github.com/sonr-io/common/webauthn/metadata"
)
// Option describes an optional pattern for this provider.
type Option func(provider *Provider) (err error)
// WithMetadata provides the required metadata for the memory provider.
func WithMetadata(mds map[uuid.UUID]*metadata.Entry) Option {
return func(provider *Provider) (err error) {
provider.mds = mds
return nil
}
}
// WithValidateEntry requires that the provided metadata has an entry for the given authenticator to be considered
// valid. By default an AAGUID which has a zero value should fail validation if [WithValidateEntryPermitZeroAAGUID] is not
// provided with the value of true. Default is true.
func WithValidateEntry(require bool) Option {
return func(provider *Provider) (err error) {
provider.entry = require
return nil
}
}
// WithValidateEntryPermitZeroAAGUID is an option that permits a zero'd AAGUID from an attestation statement to
// automatically pass metadata validations. Generally helpful to use with [WithValidateEntry]. Default is false.
func WithValidateEntryPermitZeroAAGUID(permit bool) Option {
return func(provider *Provider) (err error) {
provider.entryPermitZero = permit
return nil
}
}
// WithValidateTrustAnchor when set to true enables the validation of the attestation statement against the trust anchor
// from the metadata. Default is true.
func WithValidateTrustAnchor(validate bool) Option {
return func(provider *Provider) (err error) {
provider.anchors = validate
return nil
}
}
// WithValidateStatus when set to true enables the validation of the attestation statements AAGUID against the desired
// and undesired [metadata.AuthenticatorStatus] lists. Default is true.
func WithValidateStatus(validate bool) Option {
return func(provider *Provider) (err error) {
provider.status = validate
return nil
}
}
// WithValidateAttestationTypes when set to true enables the validation of the attestation statements type against the
// known types the authenticator can produce. Default is true.
func WithValidateAttestationTypes(validate bool) Option {
return func(provider *Provider) (err error) {
provider.attestation = validate
return nil
}
}
// WithStatusUndesired provides the list of statuses which are considered undesirable for status report validation
// purposes. Should be used with [WithValidateStatus] set to true.
func WithStatusUndesired(statuses []metadata.AuthenticatorStatus) Option {
return func(provider *Provider) (err error) {
provider.undesired = statuses
return nil
}
}
// WithStatusDesired provides the list of statuses which are considered desired and will be required for status report
// validation purposes. Should be used with [WithValidateStatus] set to true.
func WithStatusDesired(statuses []metadata.AuthenticatorStatus) Option {
return func(provider *Provider) (err error) {
provider.desired = statuses
return nil
}
}

97
webauthn/metadata/providers/memory/provider.go Normal file
View File

@@ -0,0 +1,97 @@
package memory
import (
"context"
"fmt"
"github.com/google/uuid"
"github.com/sonr-io/common/webauthn/metadata"
)
// New returns a new memory Provider given a set of functional Option's.
func New(opts ...Option) (provider metadata.Provider, err error) {
p := &Provider{
undesired: metadata.DefaultUndesiredAuthenticatorStatuses(),
entry: true,
anchors: true,
status: true,
attestation: true,
}
for _, opt := range opts {
if err = opt(p); err != nil {
return nil, err
}
}
if p.mds == nil {
return nil, fmt.Errorf("memory metadata provider has not been initialized with metadata")
}
return p, nil
}
// Provider is a concrete implementation of the [metadata.Provider] that utilizes memory for validation. This provider is
// a simple one-shot that doesn't perform any locking, provide dynamic functionality, or download the metadata at any
// stage (it expects it's provided via one of the Option's).
type Provider struct {
mds map[uuid.UUID]*metadata.Entry
desired []metadata.AuthenticatorStatus
undesired []metadata.AuthenticatorStatus
entry bool
entryPermitZero bool
anchors bool
status bool
attestation bool
}
func (p *Provider) GetEntry(
ctx context.Context,
aaguid uuid.UUID,
) (entry *metadata.Entry, err error) {
if p.mds == nil {
return nil, metadata.ErrNotInitialized
}
var ok bool
if entry, ok = p.mds[aaguid]; ok {
return entry, nil
}
return nil, nil
}
func (p *Provider) GetValidateEntry(ctx context.Context) (require bool) {
return p.entry
}
func (p *Provider) GetValidateEntryPermitZeroAAGUID(ctx context.Context) (skip bool) {
return p.entryPermitZero
}
func (p *Provider) GetValidateTrustAnchor(ctx context.Context) (validate bool) {
return p.anchors
}
func (p *Provider) GetValidateStatus(ctx context.Context) (validate bool) {
return p.status
}
func (p *Provider) GetValidateAttestationTypes(ctx context.Context) (validate bool) {
return p.attestation
}
func (p *Provider) ValidateStatusReports(
ctx context.Context,
reports []metadata.StatusReport,
) (err error) {
if !p.status {
return nil
}
return metadata.ValidateStatusReports(reports, p.desired, p.undesired)
}
var _ metadata.Provider = (*Provider)(nil)

75
webauthn/metadata/status.go Normal file
View File

@@ -0,0 +1,75 @@
package metadata
import (
"fmt"
"strings"
)
// ValidateStatusReports checks a list of [StatusReport] structs against a list of desired and undesired [AuthenticatorStatus]
// values. If the reports contain all of the desired and none of the undesired status reports then no error is returned
// otherwise an error describing the issue is returned.
func ValidateStatusReports(
reports []StatusReport,
desired, undesired []AuthenticatorStatus,
) (err error) {
if len(desired) == 0 && (len(undesired) == 0 || len(reports) == 0) {
return nil
}
var present, absent []string
if len(undesired) != 0 {
for _, report := range reports {
for _, status := range undesired {
if report.Status == status {
present = append(present, string(status))
continue
}
}
}
}
if len(desired) != 0 {
desired:
for _, status := range desired {
for _, report := range reports {
if report.Status == status {
continue desired
}
}
absent = append(absent, string(status))
}
}
switch {
case len(present) == 0 && len(absent) == 0:
return nil
case len(present) != 0 && len(absent) == 0:
return &Error{
Type: "invalid_status",
Details: fmt.Sprintf(
"The following undesired status reports were present: %s",
strings.Join(present, ", "),
),
}
case len(present) == 0 && len(absent) != 0:
return &Error{
Type: "invalid_status",
Details: fmt.Sprintf(
"The following desired status reports were absent: %s",
strings.Join(absent, ", "),
),
}
default:
return &Error{
Type: "invalid_status",
Details: fmt.Sprintf(
"The following undesired status reports were present: %s; the following desired status reports were absent: %s",
strings.Join(present, ", "),
strings.Join(absent, ", "),
),
}
}
}

415
webauthn/metadata/types.go Normal file
View File

@@ -0,0 +1,415 @@
package metadata
import (
"context"
"errors"
"reflect"
"time"
"github.com/google/uuid"
"github.com/sonr-io/common/webauthn/webauthncose"
)
// The Provider is an interface which describes the elements required to satisfy validation of metadata.
type Provider interface {
// GetEntry returns a MDS3 payload entry given a AAGUID. This
GetEntry(ctx context.Context, aaguid uuid.UUID) (entry *Entry, err error)
// GetValidateEntry returns true if this provider requires an entry to exist with a AAGUID matching the attestation
// statement during registration.
GetValidateEntry(ctx context.Context) (validate bool)
// GetValidateEntryPermitZeroAAGUID returns true if attestation statements with zerod AAGUID should be permitted
// when considering the result from GetValidateEntry. i.e. if the AAGUID is zeroed, and GetValidateEntry returns
// true, and this implementation returns true, the attestation statement will pass validation.
GetValidateEntryPermitZeroAAGUID(ctx context.Context) (skip bool)
// GetValidateTrustAnchor returns true if trust anchor validation of attestation statements is enforced during
// registration.
GetValidateTrustAnchor(ctx context.Context) (validate bool)
// GetValidateStatus returns true if the status reports for an authenticator should be validated against desired and
// undesired statuses.
GetValidateStatus(ctx context.Context) (validate bool)
// GetValidateAttestationTypes if true will enforce checking that the provided attestation is possible with the
// given authenticator.
GetValidateAttestationTypes(ctx context.Context) (validate bool)
// ValidateStatusReports returns nil if the provided authenticator status reports are desired.
ValidateStatusReports(ctx context.Context, reports []StatusReport) (err error)
}
var ErrNotInitialized = errors.New("metadata: not initialized")
type PublicKeyCredentialParameters struct {
Type string `json:"type"`
Alg webauthncose.COSEAlgorithmIdentifier `json:"alg"`
}
type AuthenticatorAttestationTypes []AuthenticatorAttestationType
func (t AuthenticatorAttestationTypes) HasBasicFull() bool {
for _, a := range t {
if a == BasicFull || a == AttCA {
return true
}
}
return false
}
// AuthenticatorAttestationType - The ATTESTATION constants are 16 bit long integers indicating the specific attestation that authenticator supports.
// Each constant has a case-sensitive string representation (in quotes), which is used in the authoritative metadata for FIDO authenticators.
type AuthenticatorAttestationType string
const (
// BasicFull - Indicates full basic attestation, based on an attestation private key shared among a class of authenticators (e.g. same model). Authenticators must provide its attestation signature during the registration process for the same reason. The attestation trust anchor is shared with FIDO Servers out of band (as part of the Metadata). This sharing process should be done according to [UAFMetadataService].
BasicFull AuthenticatorAttestationType = "basic_full"
// BasicSurrogate - Just syntactically a Basic Attestation. The attestation object self-signed, i.e. it is signed using the UAuth.priv key, i.e. the key corresponding to the UAuth.pub key included in the attestation object. As a consequence it does not provide a cryptographic proof of the security characteristics. But it is the best thing we can do if the authenticator is not able to have an attestation private key.
BasicSurrogate AuthenticatorAttestationType = "basic_surrogate"
// Ecdaa - Indicates use of elliptic curve based direct anonymous attestation as defined in [FIDOEcdaaAlgorithm]. Support for this attestation type is optional at this time. It might be required by FIDO Certification.
Ecdaa AuthenticatorAttestationType = "ecdaa"
// AttCA - Indicates PrivacyCA attestation as defined in [TCG-CMCProfile-AIKCertEnroll]. Support for this attestation type is optional at this time. It might be required by FIDO Certification.
AttCA AuthenticatorAttestationType = "attca"
// AnonCA In this case, the authenticator uses an Anonymization CA which dynamically generates per-credential attestation certificates such that the attestation statements presented to Relying Parties do not provide uniquely identifiable information, e.g., that might be used for tracking purposes. The applicable [WebAuthn] attestation formats "fmt" are Google SafetyNet Attestation "android-safetynet", Android Keystore Attestation "android-key", Apple Anonymous Attestation "apple", and Apple Application Attestation "apple-appattest".
AnonCA AuthenticatorAttestationType = "anonca"
// None - Indicates absence of attestation
None AuthenticatorAttestationType = "none"
)
type KeyScope string
const (
KeyScopeNone KeyScope = ""
PublicKeyCredentialSource KeyScope = "public-key-credential-source"
DeviceSupplementalPublicKeys KeyScope = "device-spk"
ProviderSupplementalPublicKeys KeyScope = "provider-spk"
)
type MultiDeviceCredentialSupport string
const (
MultiDeviceCredentialUnsupported MultiDeviceCredentialSupport = "unsupported"
MultiDeviceCredentialExplicit MultiDeviceCredentialSupport = "explicit"
MultiDeviceCredentialImplicit MultiDeviceCredentialSupport = "implicit"
)
// AuthenticatorStatus - This enumeration describes the status of an authenticator model as identified by its AAID and potentially some additional information (such as a specific attestation key).
// https://fidoalliance.org/specs/mds/fido-metadata-service-v3.1-ps-20250521.html#sctn-authnr-stat
type AuthenticatorStatus string
const (
// NotFidoCertified - This authenticator is not FIDO certified.
NotFidoCertified AuthenticatorStatus = "NOT_FIDO_CERTIFIED"
// FidoCertified - This authenticator has passed FIDO functional certification. This certification scheme is phased out and will be replaced by FIDO_CERTIFIED_L1.
FidoCertified AuthenticatorStatus = "FIDO_CERTIFIED"
// UserVerificationBypass - Indicates that malware is able to bypass the user verification. This means that the authenticator could be used without the user's consent and potentially even without the user's knowledge.
UserVerificationBypass AuthenticatorStatus = "USER_VERIFICATION_BYPASS"
// AttestationKeyCompromise - Indicates that an attestation key for this authenticator is known to be compromised. Additional data should be supplied, including the key identifier and the date of compromise, if known.
AttestationKeyCompromise AuthenticatorStatus = "ATTESTATION_KEY_COMPROMISE"
// UserKeyRemoteCompromise - This authenticator has identified weaknesses that allow registered keys to be compromised and should not be trusted. This would include both, e.g. weak entropy that causes predictable keys to be generated or side channels that allow keys or signatures to be forged, guessed or extracted.
UserKeyRemoteCompromise AuthenticatorStatus = "USER_KEY_REMOTE_COMPROMISE"
// UserKeyPhysicalCompromise - This authenticator has known weaknesses in its key protection mechanism(s) that allow user keys to be extracted by an adversary in physical possession of the device.
UserKeyPhysicalCompromise AuthenticatorStatus = "USER_KEY_PHYSICAL_COMPROMISE"
// UpdateAvailable - A software or firmware update is available for the device. Additional data should be supplied including a URL where users can obtain an update and the date the update was published.
UpdateAvailable AuthenticatorStatus = "UPDATE_AVAILABLE"
// Revoked - The FIDO Alliance has determined that this authenticator should not be trusted for any reason, for example if it is known to be a fraudulent product or contain a deliberate backdoor.
Revoked AuthenticatorStatus = "REVOKED"
// SelfAssertionSubmitted - The authenticator vendor has completed and submitted the self-certification checklist to the FIDO Alliance. If this completed checklist is publicly available, the URL will be specified in StatusReportJSON.url.
SelfAssertionSubmitted AuthenticatorStatus = "SELF_ASSERTION_SUBMITTED"
// FidoCertifiedL1 - The authenticator has passed FIDO Authenticator certification at level 1. This level is the more strict successor of FIDO_CERTIFIED.
FidoCertifiedL1 AuthenticatorStatus = "FIDO_CERTIFIED_L1"
// FidoCertifiedL1plus - The authenticator has passed FIDO Authenticator certification at level 1+. This level is the more than level 1.
FidoCertifiedL1plus AuthenticatorStatus = "FIDO_CERTIFIED_L1plus"
// FidoCertifiedL2 - The authenticator has passed FIDO Authenticator certification at level 2. This level is more strict than level 1+.
FidoCertifiedL2 AuthenticatorStatus = "FIDO_CERTIFIED_L2"
// FidoCertifiedL2plus - The authenticator has passed FIDO Authenticator certification at level 2+. This level is more strict than level 2.
FidoCertifiedL2plus AuthenticatorStatus = "FIDO_CERTIFIED_L2plus"
// FidoCertifiedL3 - The authenticator has passed FIDO Authenticator certification at level 3. This level is more strict than level 2+.
FidoCertifiedL3 AuthenticatorStatus = "FIDO_CERTIFIED_L3"
// FidoCertifiedL3plus - The authenticator has passed FIDO Authenticator certification at level 3+. This level is more strict than level 3.
FidoCertifiedL3plus AuthenticatorStatus = "FIDO_CERTIFIED_L3plus"
// FIPS140CertifiedL1 - The authenticator has passed FIPS 140 certification at overall level 1.
FIPS140CertifiedL1 AuthenticatorStatus = "FIPS140_CERTIFIED_L1"
// FIPS140CertifiedL2 - The authenticator has passed FIPS 140 certification at overall level 2.
FIPS140CertifiedL2 AuthenticatorStatus = "FIPS140_CERTIFIED_L2"
// FIPS140CertifiedL3 - The authenticator has passed FIPS 140 certification at overall level 3.
FIPS140CertifiedL3 AuthenticatorStatus = "FIPS140_CERTIFIED_L3"
// FIPS140CertifiedL4 - The authenticator has passed FIPS 140 certification at overall level 4.
FIPS140CertifiedL4 AuthenticatorStatus = "FIPS140_CERTIFIED_L4"
)
// defaultUndesiredAuthenticatorStatus is an array of undesirable authenticator statuses
var defaultUndesiredAuthenticatorStatus = [...]AuthenticatorStatus{
AttestationKeyCompromise,
UserVerificationBypass,
UserKeyRemoteCompromise,
UserKeyPhysicalCompromise,
Revoked,
}
// IsUndesiredAuthenticatorStatus returns whether the supplied authenticator status is desirable or not
func IsUndesiredAuthenticatorStatus(status AuthenticatorStatus) bool {
for _, s := range defaultUndesiredAuthenticatorStatus {
if s == status {
return true
}
}
return false
}
// IsUndesiredAuthenticatorStatusSlice returns whether the supplied authenticator status is desirable or not
func IsUndesiredAuthenticatorStatusSlice(
status AuthenticatorStatus,
values []AuthenticatorStatus,
) bool {
for _, s := range values {
if s == status {
return true
}
}
return false
}
// IsUndesiredAuthenticatorStatusMap returns whether the supplied authenticator status is desirable or not
func IsUndesiredAuthenticatorStatusMap(
status AuthenticatorStatus,
values map[AuthenticatorStatus]bool,
) bool {
_, ok := values[status]
return ok
}
type AuthenticationAlgorithm string
const (
// ALG_SIGN_SECP256R1_ECDSA_SHA256_RAW is an ECDSA signature on the NIST secp256r1 curve which must have raw R and
// S buffers, encoded in big-endian order.
ALG_SIGN_SECP256R1_ECDSA_SHA256_RAW AuthenticationAlgorithm = "secp256r1_ecdsa_sha256_raw"
// ALG_SIGN_SECP256R1_ECDSA_SHA256_DER is a DER ITU-X690-2008 encoded ECDSA signature RFC5480 on the NIST secp256r1
// curve.
ALG_SIGN_SECP256R1_ECDSA_SHA256_DER AuthenticationAlgorithm = "secp256r1_ecdsa_sha256_der"
// ALG_SIGN_RSASSA_PSS_SHA256_RAW is a RSASSA-PSS RFC3447 signature must have raw S buffers, encoded in big-endian
// order RFC4055 RFC4056.
ALG_SIGN_RSASSA_PSS_SHA256_RAW AuthenticationAlgorithm = "rsassa_pss_sha256_raw"
// ALG_SIGN_RSASSA_PSS_SHA256_DER is a DER ITU-X690-2008 encoded OCTET STRING (not BIT STRING!) containing the
// RSASSA-PSS RFC3447 signature RFC4055 RFC4056.
ALG_SIGN_RSASSA_PSS_SHA256_DER AuthenticationAlgorithm = "rsassa_pss_sha256_der"
// ALG_SIGN_SECP256K1_ECDSA_SHA256_RAW is an ECDSA signature on the secp256k1 curve which must have raw R and S
// buffers, encoded in big-endian order.
ALG_SIGN_SECP256K1_ECDSA_SHA256_RAW AuthenticationAlgorithm = "secp256k1_ecdsa_sha256_raw"
// ALG_SIGN_SECP256K1_ECDSA_SHA256_DER is a DER ITU-X690-2008 encoded ECDSA signature RFC5480 on the secp256k1 curve.
ALG_SIGN_SECP256K1_ECDSA_SHA256_DER AuthenticationAlgorithm = "secp256k1_ecdsa_sha256_der"
// ALG_SIGN_SM2_SM3_RAW is a Chinese SM2 elliptic curve based signature algorithm combined with SM3 hash algorithm
// OSCCA-SM2 OSCCA-SM3.
ALG_SIGN_SM2_SM3_RAW AuthenticationAlgorithm = "sm2_sm3_raw"
// ALG_SIGN_RSA_EMSA_PKCS1_SHA256_RAW is the EMSA-PKCS1-v1_5 signature as defined in RFC3447.
ALG_SIGN_RSA_EMSA_PKCS1_SHA256_RAW AuthenticationAlgorithm = "rsa_emsa_pkcs1_sha256_raw"
// ALG_SIGN_RSA_EMSA_PKCS1_SHA256_DER is a DER ITU-X690-2008 encoded OCTET STRING (not BIT STRING!) containing the
// EMSA-PKCS1-v1_5 signature as defined in RFC3447.
ALG_SIGN_RSA_EMSA_PKCS1_SHA256_DER AuthenticationAlgorithm = "rsa_emsa_pkcs1_sha256_der"
// ALG_SIGN_RSASSA_PSS_SHA384_RAW is a RSASSA-PSS RFC3447 signature must have raw S buffers, encoded in big-endian
// order RFC4055 RFC4056.
ALG_SIGN_RSASSA_PSS_SHA384_RAW AuthenticationAlgorithm = "rsassa_pss_sha384_raw"
// ALG_SIGN_RSASSA_PSS_SHA512_RAW is a RSASSA-PSS RFC3447 signature must have raw S buffers, encoded in big-endian
// order RFC4055 RFC4056.
ALG_SIGN_RSASSA_PSS_SHA512_RAW AuthenticationAlgorithm = "rsassa_pss_sha512_raw"
// ALG_SIGN_RSASSA_PKCSV15_SHA256_RAW is a RSASSA-PKCS1-v1_5 RFC3447 with SHA256(aka RS256) signature must have raw
// S buffers, encoded in big-endian order RFC8017 RFC4056
ALG_SIGN_RSASSA_PKCSV15_SHA256_RAW AuthenticationAlgorithm = "rsassa_pkcsv15_sha256_raw"
// RSASSA-PKCS1-v1_5 RFC3447 with SHA384(aka RS384) signature must have raw S buffers, encoded in big-endian order RFC8017 RFC4056
ALG_SIGN_RSASSA_PKCSV15_SHA384_RAW AuthenticationAlgorithm = "rsassa_pkcsv15_sha384_raw"
// ALG_SIGN_RSASSA_PKCSV15_SHA512_RAW is a RSASSA-PKCS1-v1_5 RFC3447 with SHA512(aka RS512) signature must have raw
// S buffers, encoded in big-endian order RFC8017 RFC4056
ALG_SIGN_RSASSA_PKCSV15_SHA512_RAW AuthenticationAlgorithm = "rsassa_pkcsv15_sha512_raw"
// ALG_SIGN_RSASSA_PKCSV15_SHA1_RAW is a RSASSA-PKCS1-v1_5 RFC3447 with SHA1(aka RS1) signature must have raw S
// buffers, encoded in big-endian order RFC8017 RFC4056
ALG_SIGN_RSASSA_PKCSV15_SHA1_RAW AuthenticationAlgorithm = "rsassa_pkcsv15_sha1_raw"
// ALG_SIGN_SECP384R1_ECDSA_SHA384_RAW is an ECDSA signature on the NIST secp384r1 curve with SHA384(aka: ES384)
// which must have raw R and S buffers, encoded in big-endian order.
ALG_SIGN_SECP384R1_ECDSA_SHA384_RAW AuthenticationAlgorithm = "secp384r1_ecdsa_sha384_raw"
// ALG_SIGN_SECP521R1_ECDSA_SHA512_RAW is an ECDSA signature on the NIST secp512r1 curve with SHA512(aka: ES512)
// which must have raw R and S buffers, encoded in big-endian order.
ALG_SIGN_SECP521R1_ECDSA_SHA512_RAW AuthenticationAlgorithm = "secp521r1_ecdsa_sha512_raw"
// ALG_SIGN_ED25519_EDDSA_SHA512_RAW is an EdDSA signature on the curve 25519, which must have raw R and S buffers,
// encoded in big-endian order.
ALG_SIGN_ED25519_EDDSA_SHA512_RAW AuthenticationAlgorithm = "ed25519_eddsa_sha512_raw"
// ALG_SIGN_ED448_EDDSA_SHA512_RAW is an EdDSA signature on the curve Ed448, which must have raw R and S buffers,
// encoded in big-endian order.
ALG_SIGN_ED448_EDDSA_SHA512_RAW AuthenticationAlgorithm = "ed448_eddsa_sha512_raw"
)
// algKeyCose provides a mapping between authentication algorithms and their COSE representations
// Used internally for algorithm validation and conversion
type algKeyCose struct {
KeyType webauthncose.COSEKeyType
Algorithm webauthncose.COSEAlgorithmIdentifier
Curve webauthncose.COSEEllipticCurve
}
func algKeyCoseDictionary() func(AuthenticationAlgorithm) algKeyCose {
mapping := map[AuthenticationAlgorithm]algKeyCose{
ALG_SIGN_SECP256R1_ECDSA_SHA256_RAW: {
KeyType: webauthncose.EllipticKey,
Algorithm: webauthncose.AlgES256,
Curve: webauthncose.P256,
},
ALG_SIGN_SECP256R1_ECDSA_SHA256_DER: {
KeyType: webauthncose.EllipticKey,
Algorithm: webauthncose.AlgES256,
Curve: webauthncose.P256,
},
ALG_SIGN_RSASSA_PSS_SHA256_RAW: {
KeyType: webauthncose.RSAKey,
Algorithm: webauthncose.AlgPS256,
},
ALG_SIGN_RSASSA_PSS_SHA256_DER: {
KeyType: webauthncose.RSAKey,
Algorithm: webauthncose.AlgPS256,
},
ALG_SIGN_SECP256K1_ECDSA_SHA256_RAW: {
KeyType: webauthncose.EllipticKey,
Algorithm: webauthncose.AlgES256K,
Curve: webauthncose.Secp256k1,
},
ALG_SIGN_SECP256K1_ECDSA_SHA256_DER: {
KeyType: webauthncose.EllipticKey,
Algorithm: webauthncose.AlgES256K,
Curve: webauthncose.Secp256k1,
},
ALG_SIGN_RSASSA_PSS_SHA384_RAW: {
KeyType: webauthncose.RSAKey,
Algorithm: webauthncose.AlgPS384,
},
ALG_SIGN_RSASSA_PSS_SHA512_RAW: {
KeyType: webauthncose.RSAKey,
Algorithm: webauthncose.AlgPS512,
},
ALG_SIGN_RSASSA_PKCSV15_SHA256_RAW: {
KeyType: webauthncose.RSAKey,
Algorithm: webauthncose.AlgRS256,
},
ALG_SIGN_RSASSA_PKCSV15_SHA384_RAW: {
KeyType: webauthncose.RSAKey,
Algorithm: webauthncose.AlgRS384,
},
ALG_SIGN_RSASSA_PKCSV15_SHA512_RAW: {
KeyType: webauthncose.RSAKey,
Algorithm: webauthncose.AlgRS512,
},
ALG_SIGN_RSASSA_PKCSV15_SHA1_RAW: {
KeyType: webauthncose.RSAKey,
Algorithm: webauthncose.AlgRS1,
},
ALG_SIGN_SECP384R1_ECDSA_SHA384_RAW: {
KeyType: webauthncose.EllipticKey,
Algorithm: webauthncose.AlgES384,
Curve: webauthncose.P384,
},
ALG_SIGN_SECP521R1_ECDSA_SHA512_RAW: {
KeyType: webauthncose.EllipticKey,
Algorithm: webauthncose.AlgES512,
Curve: webauthncose.P521,
},
ALG_SIGN_ED25519_EDDSA_SHA512_RAW: {
KeyType: webauthncose.OctetKey,
Algorithm: webauthncose.AlgEdDSA,
Curve: webauthncose.Ed25519,
},
ALG_SIGN_ED448_EDDSA_SHA512_RAW: {
KeyType: webauthncose.OctetKey,
Algorithm: webauthncose.AlgEdDSA,
Curve: webauthncose.Ed448,
},
}
return func(key AuthenticationAlgorithm) algKeyCose {
return mapping[key]
}
}
func AlgKeyMatch(key algKeyCose, algs []AuthenticationAlgorithm) bool {
for _, alg := range algs {
if reflect.DeepEqual(algKeyCoseDictionary()(alg), key) {
return true
}
}
return false
}
type PublicKeyAlgAndEncoding string
const (
// ALG_KEY_ECC_X962_RAW is a raw ANSI X9.62 formatted Elliptic Curve public key.
ALG_KEY_ECC_X962_RAW PublicKeyAlgAndEncoding = "ecc_x962_raw"
// ALG_KEY_ECC_X962_DER is a DER ITU-X690-2008 encoded ANSI X.9.62 formatted SubjectPublicKeyInfo RFC5480 specifying an elliptic curve public key.
ALG_KEY_ECC_X962_DER PublicKeyAlgAndEncoding = "ecc_x962_der"
// ALG_KEY_RSA_2048_RAW is a raw encoded 2048-bit RSA public key RFC3447.
ALG_KEY_RSA_2048_RAW PublicKeyAlgAndEncoding = "rsa_2048_raw"
// ALG_KEY_RSA_2048_DER is a ASN.1 DER [ITU-X690-2008] encoded 2048-bit RSA RFC3447 public key RFC4055.
ALG_KEY_RSA_2048_DER PublicKeyAlgAndEncoding = "rsa_2048_der"
// ALG_KEY_COSE is a COSE_Key format, as defined in Section 7 of RFC8152. This encoding includes its own field for indicating the public key algorithm.
ALG_KEY_COSE PublicKeyAlgAndEncoding = "cose"
)
type Error struct {
// Short name for the type of error that has occurred.
Type string `json:"type"`
// Additional details about the error.
Details string `json:"error"`
// Information to help debug the error.
DevInfo string `json:"debug"`
}
func (e *Error) Error() string {
return e.Details
}
// Clock is an interface used to implement clock functionality in various metadata areas.
type Clock interface {
// Now returns the current time.
Now() time.Time
}
// RealClock is just a real clock.
type RealClock struct{}
// Now returns the current time.
func (RealClock) Now() time.Time {
return time.Now()
}

278
webauthn/options.go Normal file
View File

@@ -0,0 +1,278 @@
package webauthn
import (
"github.com/sonr-io/common/webauthn/webauthncose"
)
type CredentialCreation struct {
Response PublicKeyCredentialCreationOptions `json:"publicKey"`
Mediation CredentialMediationRequirement `json:"mediation,omitempty"`
}
type CredentialAssertion struct {
Response PublicKeyCredentialRequestOptions `json:"publicKey"`
Mediation CredentialMediationRequirement `json:"mediation,omitempty"`
}
// PublicKeyCredentialCreationOptions represents the IDL of the same name.
//
// In order to create a Credential via create(), the caller specifies a few parameters in a
// PublicKeyCredentialCreationOptions object.
//
// WebAuthn Level 3: hints,attestationFormats.
//
// Specification: §5.4. Options for Credential Creation (https://www.w3.org/TR/webauthn/#dictionary-makecredentialoptions)
type PublicKeyCredentialCreationOptions struct {
RelyingParty RelyingPartyEntity `json:"rp"`
User UserEntity `json:"user"`
Challenge URLEncodedBase64 `json:"challenge"`
Parameters []CredentialParameter `json:"pubKeyCredParams,omitempty"`
Timeout int `json:"timeout,omitempty"`
CredentialExcludeList []CredentialDescriptor `json:"excludeCredentials,omitempty"`
AuthenticatorSelection AuthenticatorSelection `json:"authenticatorSelection,omitempty"`
Hints []PublicKeyCredentialHints `json:"hints,omitempty"`
Attestation ConveyancePreference `json:"attestation,omitempty"`
AttestationFormats []AttestationFormat `json:"attestationFormats,omitempty"`
Extensions AuthenticationExtensions `json:"extensions,omitempty"`
}
// The PublicKeyCredentialRequestOptions dictionary supplies get() with the data it needs to generate an assertion.
// Its challenge member MUST be present, while its other members are OPTIONAL.
//
// WebAuthn Level 3: hints.
//
// Specification: §5.5. Options for Assertion Generation (https://www.w3.org/TR/webauthn/#dictionary-assertion-options)
type PublicKeyCredentialRequestOptions struct {
Challenge URLEncodedBase64 `json:"challenge"`
Timeout int `json:"timeout,omitempty"`
RelyingPartyID string `json:"rpId,omitempty"`
AllowedCredentials []CredentialDescriptor `json:"allowCredentials,omitempty"`
UserVerification UserVerificationRequirement `json:"userVerification,omitempty"`
Hints []PublicKeyCredentialHints `json:"hints,omitempty"`
Extensions AuthenticationExtensions `json:"extensions,omitempty"`
}
// CredentialDescriptor represents the PublicKeyCredentialDescriptor IDL.
//
// This dictionary contains the attributes that are specified by a caller when referring to a public key credential as
// an input parameter to the create() or get() methods. It mirrors the fields of the PublicKeyCredential object returned
// by the latter methods.
//
// Specification: §5.10.3. Credential Descriptor (https://www.w3.org/TR/webauthn/#credential-dictionary)
type CredentialDescriptor struct {
// The valid credential types.
Type CredentialType `json:"type"`
// CredentialID The ID of a credential to allow/disallow.
CredentialID URLEncodedBase64 `json:"id"`
// The authenticator transports that can be used.
Transport []AuthenticatorTransport `json:"transports,omitempty"`
// The AttestationType from the Credential. Used internally only.
AttestationType string `json:"-"`
}
// CredentialParameter is the credential type and algorithm
// that the relying party wants the authenticator to create.
type CredentialParameter struct {
Type CredentialType `json:"type"`
Algorithm webauthncose.COSEAlgorithmIdentifier `json:"alg"`
}
// CredentialType represents the PublicKeyCredentialType IDL and is used with the CredentialDescriptor IDL.
//
// This enumeration defines the valid credential types. It is an extension point; values can be added to it in the
// future, as more credential types are defined. The values of this enumeration are used for versioning the
// Authentication Assertion and attestation structures according to the type of the authenticator.
//
// Currently one credential type is defined, namely "public-key".
//
// Specification: §5.8.2. Credential Type Enumeration (https://www.w3.org/TR/webauthn/#enumdef-publickeycredentialtype)
//
// Specification: §5.8.3. Credential Descriptor (https://www.w3.org/TR/webauthn/#dictionary-credential-descriptor)
type CredentialType string
const (
// PublicKeyCredentialType - Currently one credential type is defined, namely "public-key".
PublicKeyCredentialType CredentialType = "public-key"
)
// AuthenticationExtensions represents the AuthenticationExtensionsClientInputs IDL. This member contains additional
// parameters requesting additional processing by the client and authenticator.
//
// Specification: §5.7.1. Authentication Extensions Client Inputs (https://www.w3.org/TR/webauthn/#iface-authentication-extensions-client-inputs)
type AuthenticationExtensions map[string]any
// AuthenticatorSelection represents the AuthenticatorSelectionCriteria IDL.
//
// WebAuthn Relying Parties may use the AuthenticatorSelectionCriteria dictionary to specify their requirements
// regarding authenticator attributes.
//
// Specification: §5.4.4. Authenticator Selection Criteria (https://www.w3.org/TR/webauthn/#dictionary-authenticatorSelection)
type AuthenticatorSelection struct {
// AuthenticatorAttachment If this member is present, eligible authenticators are filtered to only
// authenticators attached with the specified AuthenticatorAttachment enum.
AuthenticatorAttachment AuthenticatorAttachment `json:"authenticatorAttachment,omitempty"`
// RequireResidentKey this member describes the Relying Party's requirements regarding resident
// credentials. If the parameter is set to true, the authenticator MUST create a client-side-resident
// public key credential source when creating a public key credential.
RequireResidentKey *bool `json:"requireResidentKey,omitempty"`
// ResidentKey this member describes the Relying Party's requirements regarding resident
// credentials per Webauthn Level 2.
ResidentKey ResidentKeyRequirement `json:"residentKey,omitempty"`
// UserVerification This member describes the Relying Party's requirements regarding user verification for
// the create() operation. Eligible authenticators are filtered to only those capable of satisfying this
// requirement.
UserVerification UserVerificationRequirement `json:"userVerification,omitempty"`
}
// ConveyancePreference is the type representing the AttestationConveyancePreference IDL.
//
// WebAuthn Relying Parties may use AttestationConveyancePreference to specify their preference regarding attestation
// conveyance during credential generation.
//
// Specification: §5.4.7. Attestation Conveyance Preference Enumeration (https://www.w3.org/TR/webauthn/#enum-attestation-convey)
type ConveyancePreference string
const (
// PreferNoAttestation is a ConveyancePreference value.
//
// This value indicates that the Relying Party is not interested in authenticator attestation. For example, in order
// to potentially avoid having to obtain user consent to relay identifying information to the Relying Party, or to
// save a round trip to an Attestation CA or Anonymization CA.
//
// This is the default value.
//
// Specification: §5.4.7. Attestation Conveyance Preference Enumeration (https://www.w3.org/TR/webauthn/#dom-attestationconveyancepreference-none)
PreferNoAttestation ConveyancePreference = "none"
// PreferIndirectAttestation is a ConveyancePreference value.
//
// This value indicates that the Relying Party prefers an attestation conveyance yielding verifiable attestation
// statements, but allows the client to decide how to obtain such attestation statements. The client MAY replace the
// authenticator-generated attestation statements with attestation statements generated by an Anonymization CA, in
// order to protect the users privacy, or to assist Relying Parties with attestation verification in a
// heterogeneous ecosystem.
//
// Note: There is no guarantee that the Relying Party will obtain a verifiable attestation statement in this case.
// For example, in the case that the authenticator employs self attestation.
//
// Specification: §5.4.7. Attestation Conveyance Preference Enumeration (https://www.w3.org/TR/webauthn/#dom-attestationconveyancepreference-indirect)
PreferIndirectAttestation ConveyancePreference = "indirect"
// PreferDirectAttestation is a ConveyancePreference value.
//
// This value indicates that the Relying Party wants to receive the attestation statement as generated by the
// authenticator.
//
// Specification: §5.4.7. Attestation Conveyance Preference Enumeration (https://www.w3.org/TR/webauthn/#dom-attestationconveyancepreference-direct)
PreferDirectAttestation ConveyancePreference = "direct"
// PreferEnterpriseAttestation is a ConveyancePreference value.
//
// This value indicates that the Relying Party wants to receive an attestation statement that may include uniquely
// identifying information. This is intended for controlled deployments within an enterprise where the organization
// wishes to tie registrations to specific authenticators. User agents MUST NOT provide such an attestation unless
// the user agent or authenticator configuration permits it for the requested RP ID.
//
// If permitted, the user agent SHOULD signal to the authenticator (at invocation time) that enterprise
// attestation is requested, and convey the resulting AAGUID and attestation statement, unaltered, to the Relying
// Party.
//
// Specification: §5.4.7. Attestation Conveyance Preference Enumeration (https://www.w3.org/TR/webauthn/#dom-attestationconveyancepreference-enterprise)
PreferEnterpriseAttestation ConveyancePreference = "enterprise"
)
// AttestationFormat is an internal representation of the relevant inputs for registration.
//
// Specification: §5.4 Options for Credential Creation (https://w3c.github.io/webauthn/#dom-publickeycredentialcreationoptions-attestationformats)
// Registry: https://www.iana.org/assignments/webauthn/webauthn.xhtml
type AttestationFormat string
const (
// AttestationFormatPacked is the "packed" attestation statement format is a WebAuthn-optimized format for
// attestation. It uses a very compact but still extensible encoding method. This format is implementable by
// authenticators with limited resources (e.g., secure elements).
AttestationFormatPacked AttestationFormat = "packed"
// AttestationFormatTPM is the TPM attestation statement format returns an attestation statement in the same format
// as the packed attestation statement format, although the rawData and signature fields are computed differently.
AttestationFormatTPM AttestationFormat = "tpm"
// AttestationFormatAndroidKey is the attestation statement format for platform authenticators on versions "N", and
// later, which may provide this proprietary "hardware attestation" statement.
AttestationFormatAndroidKey AttestationFormat = "android-key"
// AttestationFormatAndroidSafetyNet is the attestation statement format that Android-based platform authenticators
// MAY produce an attestation statement based on the Android SafetyNet API.
AttestationFormatAndroidSafetyNet AttestationFormat = "android-safetynet"
// AttestationFormatFIDOUniversalSecondFactor is the attestation statement format that is used with FIDO U2F
// authenticators.
AttestationFormatFIDOUniversalSecondFactor AttestationFormat = "fido-u2f"
// AttestationFormatApple is the attestation statement format that is used with Apple devices' platform
// authenticators.
AttestationFormatApple AttestationFormat = "apple"
// AttestationFormatNone is the attestation statement format that is used to replace any authenticator-provided
// attestation statement when a WebAuthn Relying Party indicates it does not wish to receive attestation information.
AttestationFormatNone AttestationFormat = "none"
)
type PublicKeyCredentialHints string
const (
// PublicKeyCredentialHintSecurityKey is a PublicKeyCredentialHint that indicates that the Relying Party believes
// that users will satisfy this request with a physical security key. For example, an enterprise Relying Party may
// set this hint if they have issued security keys to their employees and will only accept those authenticators for
// registration and authentication.
//
// For compatibility with older user agents, when this hint is used in PublicKeyCredentialCreationOptions, the
// authenticatorAttachment SHOULD be set to cross-platform.
PublicKeyCredentialHintSecurityKey PublicKeyCredentialHints = "security-key"
// PublicKeyCredentialHintClientDevice is a PublicKeyCredentialHint that indicates that the Relying Party believes
// that users will satisfy this request with a platform authenticator attached to the client device.
//
// For compatibility with older user agents, when this hint is used in PublicKeyCredentialCreationOptions, the
// authenticatorAttachment SHOULD be set to platform.
PublicKeyCredentialHintClientDevice PublicKeyCredentialHints = "client-device"
// PublicKeyCredentialHintHybrid is a PublicKeyCredentialHint that indicates that the Relying Party believes that
// users will satisfy this request with general-purpose authenticators such as smartphones. For example, a consumer
// Relying Party may believe that only a small fraction of their customers possesses dedicated security keys. This
// option also implies that the local platform authenticator should not be promoted in the UI.
//
// For compatibility with older user agents, when this hint is used in PublicKeyCredentialCreationOptions, the
// authenticatorAttachment SHOULD be set to cross-platform.
PublicKeyCredentialHintHybrid PublicKeyCredentialHints = "hybrid"
)
func (a *PublicKeyCredentialRequestOptions) GetAllowedCredentialIDs() [][]byte {
allowedCredentialIDs := make([][]byte, len(a.AllowedCredentials))
for i, credential := range a.AllowedCredentials {
allowedCredentialIDs[i] = credential.CredentialID
}
return allowedCredentialIDs
}
type Extensions any
type ServerResponse struct {
Status ServerResponseStatus `json:"status"`
Message string `json:"errorMessage"`
}
type ServerResponseStatus string
const (
StatusOk ServerResponseStatus = "ok"
StatusFailed ServerResponseStatus = "failed"
)

65
webauthn/options_test.go Normal file
View File

@@ -0,0 +1,65 @@
package webauthn
import (
"reflect"
"testing"
)
func TestPublicKeyCredentialRequestOptions_GetAllowedCredentialIDs(t *testing.T) {
type fields struct {
Challenge URLEncodedBase64
Timeout int
RelyingPartyID string
AllowedCredentials []CredentialDescriptor
UserVerification UserVerificationRequirement
Extensions AuthenticationExtensions
}
tests := []struct {
name string
fields fields
want [][]byte
}{
{
"Correct Credential IDs",
fields{
Challenge: URLEncodedBase64(
[]byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
),
Timeout: 60,
AllowedCredentials: []CredentialDescriptor{
{
Type: PublicKeyCredentialType, CredentialID: []byte("1234"), Transport: []AuthenticatorTransport{"usb"},
},
},
RelyingPartyID: "test.org",
UserVerification: VerificationPreferred,
Extensions: AuthenticationExtensions{},
},
[][]byte{
[]byte("1234"),
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
a := &PublicKeyCredentialRequestOptions{
Challenge: tt.fields.Challenge,
Timeout: tt.fields.Timeout,
RelyingPartyID: tt.fields.RelyingPartyID,
AllowedCredentials: tt.fields.AllowedCredentials,
UserVerification: tt.fields.UserVerification,
Extensions: tt.fields.Extensions,
}
if got := a.GetAllowedCredentialIDs(); !reflect.DeepEqual(got, tt.want) {
t.Errorf(
"PublicKeyCredentialRequestOptions.GetAllowedCredentialIDs() = %v, want %v",
got,
tt.want,
)
}
})
}
}

235
webauthn/performance.go Normal file
View File

@@ -0,0 +1,235 @@
// Package webauthn provides performance optimizations for WebAuthn operations.
package webauthn
import (
"crypto/ecdsa"
"crypto/sha256"
"encoding/asn1"
"fmt"
"hash"
"math/big"
"sync"
"time"
"github.com/sonr-io/common/webauthn/webauthncose"
)
// Performance optimization structures and caches
// CachedEC2PublicKey stores parsed ECDSA public key for reuse.
type CachedEC2PublicKey struct {
PublicKey *ecdsa.PublicKey
Algorithm webauthncose.COSEAlgorithmIdentifier
}
// CredentialCache provides thread-safe caching for parsed credentials.
type CredentialCache struct {
pubkeys sync.Map // map[string]*CachedEC2PublicKey
challenges sync.Map // map[string]*ChallengeValidation
hashes sync.Map // map[string][32]byte
}
// ChallengeValidation stores cached challenge validation results.
type ChallengeValidation struct {
IsValid bool
ExpiresAt time.Time
}
var (
// Global credential cache instance
globalCache = &CredentialCache{}
// Hash pool for reusing hash instances
hashPool = sync.Pool{
New: func() any {
return sha256.New()
},
}
)
// GetCache returns the global credential cache.
func GetCache() *CredentialCache {
return globalCache
}
// GetCachedPublicKey retrieves or creates a cached ECDSA public key.
func (c *CredentialCache) GetCachedPublicKey(
xCoord, yCoord []byte,
algorithm int64,
) (*CachedEC2PublicKey, error) {
cacheKey := fmt.Sprintf("%x-%x", xCoord, yCoord)
// Try to load from cache
if cached, ok := c.pubkeys.Load(cacheKey); ok {
return cached.(*CachedEC2PublicKey), nil
}
// Create new cached key
curve := webauthncose.EC2AlgCurve(algorithm)
if curve == nil {
return nil, webauthncose.ErrUnsupportedAlgorithm
}
cachedKey := &CachedEC2PublicKey{
PublicKey: &ecdsa.PublicKey{
Curve: curve,
X: new(big.Int).SetBytes(xCoord),
Y: new(big.Int).SetBytes(yCoord),
},
Algorithm: webauthncose.COSEAlgorithmIdentifier(algorithm),
}
// Store in cache
actual, _ := c.pubkeys.LoadOrStore(cacheKey, cachedKey)
return actual.(*CachedEC2PublicKey), nil
}
// VerifyWithCache performs ECDSA verification using cached public key.
func (c *CredentialCache) VerifyWithCache(
key *webauthncose.EC2PublicKeyData,
data []byte,
sig []byte,
) (bool, error) {
// Get cached public key
cached, err := c.GetCachedPublicKey(key.XCoord, key.YCoord, key.Algorithm)
if err != nil {
return false, err
}
// Get hash from pool
h := hashPool.Get().(hash.Hash)
defer func() {
h.Reset()
hashPool.Put(h)
}()
h.Write(data)
hashed := h.Sum(nil)
// Parse signature
type ECDSASignature struct {
R, S *big.Int
}
var e ECDSASignature
if _, err := asn1.Unmarshal(sig, &e); err != nil {
return false, webauthncose.ErrSigNotProvidedOrInvalid
}
return ecdsa.Verify(cached.PublicKey, hashed, e.R, e.S), nil
}
// GetClientDataHash returns cached SHA256 hash of client data.
func (c *CredentialCache) GetClientDataHash(clientDataJSON []byte) [32]byte {
// Create cache key from first 8 bytes of hash
quickHash := sha256.Sum256(clientDataJSON)
cacheKey := fmt.Sprintf("%x", quickHash[:8])
// Check cache
if cached, ok := c.hashes.Load(cacheKey); ok {
return cached.([32]byte)
}
// Store and return
c.hashes.Store(cacheKey, quickHash)
return quickHash
}
// ValidateChallengeWithCache validates challenge with caching.
func (c *CredentialCache) ValidateChallengeWithCache(
challenge string,
expected []byte,
) (bool, error) {
cacheKey := fmt.Sprintf("%s-%x", challenge, expected)
// Check cache
if cached, ok := c.challenges.Load(cacheKey); ok {
cv := cached.(*ChallengeValidation)
if time.Now().Before(cv.ExpiresAt) {
return cv.IsValid, nil
}
// Expired, remove from cache
c.challenges.Delete(cacheKey)
}
// Perform validation
isValid := challenge == fmt.Sprintf("%x", expected)
// Cache result for 5 minutes
c.challenges.Store(cacheKey, &ChallengeValidation{
IsValid: isValid,
ExpiresAt: time.Now().Add(5 * time.Minute),
})
return isValid, nil
}
// CleanExpiredChallenges removes expired challenge validations from cache.
func (c *CredentialCache) CleanExpiredChallenges() {
now := time.Now()
c.challenges.Range(func(key, value any) bool {
cv := value.(*ChallengeValidation)
if now.After(cv.ExpiresAt) {
c.challenges.Delete(key)
}
return true
})
}
// StartCacheCleaner starts a background goroutine to clean expired entries.
func StartCacheCleaner(interval time.Duration) {
go func() {
ticker := time.NewTicker(interval)
defer ticker.Stop()
for range ticker.C {
globalCache.CleanExpiredChallenges()
}
}()
}
// ClearCache removes all cached entries.
func (c *CredentialCache) ClearCache() {
c.pubkeys.Range(func(key, value any) bool {
c.pubkeys.Delete(key)
return true
})
c.challenges.Range(func(key, value any) bool {
c.challenges.Delete(key)
return true
})
c.hashes.Range(func(key, value any) bool {
c.hashes.Delete(key)
return true
})
}
// CacheStats returns cache statistics.
type CacheStats struct {
PublicKeys int
Challenges int
Hashes int
}
// GetStats returns current cache statistics.
func (c *CredentialCache) GetStats() CacheStats {
stats := CacheStats{}
c.pubkeys.Range(func(key, value any) bool {
stats.PublicKeys++
return true
})
c.challenges.Range(func(key, value any) bool {
stats.Challenges++
return true
})
c.hashes.Range(func(key, value any) bool {
stats.Hashes++
return true
})
return stats
}

24
webauthn/revoke/LICENSE Normal file
View File

@@ -0,0 +1,24 @@
Copyright (c) 2014 CloudFlare Inc.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

4
webauthn/revoke/README.md Normal file
View File

@@ -0,0 +1,4 @@
# revoke
A fork of [github.com/cloudflare/cfssl/revoke](https://github.com/cloudflare/cfssl/tree/master/revoke) primarily intent
on implementing functionality needed by [github.com/go-webauthn/webauthn](https://github.com/go-webauthn/webauthn).

4
webauthn/revoke/doc.go Normal file
View File

@@ -0,0 +1,4 @@
// Package revoke provides functionality for checking the validity of a cert. Specifically, the temporal validity of the
// certificate is checked first, then any CRL and OCSP url in the cert is checked. This is a fork of the
// github.com/cloudflare/cfssl/revoke package. It's used to lookup the revocation status of X.509 Certificates.
package revoke

450
webauthn/revoke/err.go Normal file
View File

@@ -0,0 +1,450 @@
package revoke
import (
"crypto/x509"
"encoding/json"
"errors"
"fmt"
)
// Error is the error type usually returned by functions in CF SSL package.
// It contains a 4-digit error code where the most significant digit
// describes the category where the error occurred and the rest 3 digits
// describe the specific error reason.
type Error struct {
ErrorCode int `json:"code"`
Message string `json:"message"`
}
// The error interface implementation, which formats to a JSON object string.
func (e *Error) Error() string {
marshaled, err := json.Marshal(e)
if err != nil {
panic(err)
}
return string(marshaled)
}
// Category is the most significant digit of the error code.
type Category int
// Reason is the last 3 digits of the error code.
type Reason int
const (
// Success indicates no error occurred.
Success Category = 1000 * iota // 0XXX
// CertificateError indicates a fault in a certificate.
CertificateError // 1XXX
// PrivateKeyError indicates a fault in a private key.
PrivateKeyError // 2XXX
// IntermediatesError indicates a fault in an intermediate.
IntermediatesError // 3XXX
// RootError indicates a fault in a root.
RootError // 4XXX
// PolicyError indicates an error arising from a malformed or
// non-existent policy, or a breach of policy.
PolicyError // 5XXX
// DialError indicates a network fault.
DialError // 6XXX
// APIClientError indicates a problem with the API client.
APIClientError // 7XXX
// OCSPError indicates a problem with OCSP signing
OCSPError // 8XXX
// CSRError indicates a problem with CSR parsing
CSRError // 9XXX
// CTError indicates a problem with the certificate transparency process
CTError // 10XXX
// CertStoreError indicates a problem with the certificate store
CertStoreError // 11XXX
)
// None is a non-specified error.
const (
None Reason = iota
)
// Warning code for a success
const (
BundleExpiringBit int = 1 << iota // 0x01
BundleNotUbiquitousBit // 0x02
)
// Parsing errors
const (
Unknown Reason = iota // X000
ReadFailed // X001
DecodeFailed // X002
ParseFailed // X003
)
// The following represent certificate non-parsing errors, and must be
// specified along with CertificateError.
const (
// SelfSigned indicates that a certificate is self-signed and
// cannot be used in the manner being attempted.
SelfSigned Reason = 100 * (iota + 1) // Code 11XX
// VerifyFailed is an X.509 verification failure. The least two
// significant digits of 12XX is determined as the actual x509
// error is examined.
VerifyFailed // Code 12XX
// BadRequest indicates that the certificate request is invalid.
BadRequest // Code 13XX
// MissingSerial indicates that the profile specified
// 'ClientProvidesSerialNumbers', but the SignRequest did not include a serial
// number.
MissingSerial // Code 14XX
)
const (
certificateInvalid = 10 * (iota + 1) // 121X
unknownAuthority // 122x
)
// The following represent private-key non-parsing errors, and must be
// specified with PrivateKeyError.
const (
// Encrypted indicates that the private key is a PKCS #8 encrypted
// private key. At this time, CFSSL does not support decrypting
// these keys.
Encrypted Reason = 100 * (iota + 1) // 21XX
// NotRSAOrECC indicates that they key is not an RSA or ECC
// private key; these are the only two private key types supported
// at this time by CFSSL.
NotRSAOrECC // 22XX
// KeyMismatch indicates that the private key does not match
// the public key or certificate being presented with the key.
KeyMismatch // 23XX
// GenerationFailed indicates that a private key could not
// be generated.
GenerationFailed // 24XX
// Unavailable indicates that a private key mechanism (such as
// PKCS #11) was requested but support for that mechanism is
// not available.
Unavailable
)
// The following are policy-related non-parsing errors, and must be
// specified along with PolicyError.
const (
// NoKeyUsages indicates that the profile does not permit any
// key usages for the certificate.
NoKeyUsages Reason = 100 * (iota + 1) // 51XX
// InvalidPolicy indicates that policy being requested is not
// a valid policy or does not exist.
InvalidPolicy // 52XX
// InvalidRequest indicates a certificate request violated the
// constraints of the policy being applied to the request.
InvalidRequest // 53XX
// UnknownProfile indicates that the profile does not exist.
UnknownProfile // 54XX
UnmatchedWhitelist // 55xx
)
// The following are API client related errors, and should be
// specified with APIClientError.
const (
// AuthenticationFailure occurs when the client is unable
// to obtain an authentication token for the request.
AuthenticationFailure Reason = 100 * (iota + 1)
// JSONError wraps an encoding/json error.
JSONError
// IOError wraps an io/ioutil error.
IOError
// ClientHTTPError wraps a net/http error.
ClientHTTPError
// ServerRequestFailed covers any other failures from the API
// client.
ServerRequestFailed
)
// The following are OCSP related errors, and should be
// specified with OCSPError
const (
// IssuerMismatch ocurs when the certificate in the OCSP signing
// request was not issued by the CA that this responder responds for.
IssuerMismatch Reason = 100 * (iota + 1) // 81XX
// InvalidStatus occurs when the OCSP signing requests includes an
// invalid value for the certificate status.
InvalidStatus
)
// Certificate transparency related errors specified with CTError
const (
// PrecertSubmissionFailed occurs when submitting a precertificate to
// a log server fails
PrecertSubmissionFailed = 100 * (iota + 1)
// CTClientConstructionFailed occurs when the construction of a new
// github.com/google/certificate-transparency client fails.
CTClientConstructionFailed
// PrecertMissingPoison occurs when a precert is passed to SignFromPrecert
// and is missing the CT poison extension.
PrecertMissingPoison
// PrecertInvalidPoison occurs when a precert is passed to SignFromPrecert
// and has a invalid CT poison extension value or the extension is not
// critical.
PrecertInvalidPoison
)
// Certificate persistence related errors specified with CertStoreError
const (
// InsertionFailed occurs when a SQL insert query failes to complete.
InsertionFailed = 100 * (iota + 1)
// RecordNotFound occurs when a SQL query targeting on one unique
// record failes to update the specified row in the table.
RecordNotFound
)
// NewError provided the given category, reason, returns an Error.
func NewError(category Category, reason Reason) *Error {
errorCode := int(category) + int(reason)
var msg string
switch category {
case OCSPError:
switch reason {
case ReadFailed:
msg = "No certificate provided"
case IssuerMismatch:
msg = "Certificate not issued by this issuer"
case InvalidStatus:
msg = "Invalid revocation status"
}
case CertificateError:
switch reason {
case Unknown:
msg = "Unknown certificate error"
case ReadFailed:
msg = "Failed to read certificate"
case DecodeFailed:
msg = "Failed to decode certificate"
case ParseFailed:
msg = "Failed to parse certificate"
case SelfSigned:
msg = "Certificate is self signed"
case VerifyFailed:
msg = "Unable to verify certificate"
case BadRequest:
msg = "Invalid certificate request"
case MissingSerial:
msg = "Missing serial number in request"
default:
panic(fmt.Sprintf("Unsupported CFSSL error reason %d under category CertificateError.",
reason))
}
case PrivateKeyError:
switch reason {
case Unknown:
msg = "Unknown private key error"
case ReadFailed:
msg = "Failed to read private key"
case DecodeFailed:
msg = "Failed to decode private key"
case ParseFailed:
msg = "Failed to parse private key"
case Encrypted:
msg = "Private key is encrypted."
case NotRSAOrECC:
msg = "Private key algorithm is not RSA or ECC"
case KeyMismatch:
msg = "Private key does not match public key"
case GenerationFailed:
msg = "Failed to new private key"
case Unavailable:
msg = "Private key is unavailable"
default:
panic(fmt.Sprintf("Unsupported CFSSL error reason %d under category PrivateKeyError.",
reason))
}
case IntermediatesError:
switch reason {
case Unknown:
msg = "Unknown intermediate certificate error"
case ReadFailed:
msg = "Failed to read intermediate certificate"
case DecodeFailed:
msg = "Failed to decode intermediate certificate"
case ParseFailed:
msg = "Failed to parse intermediate certificate"
default:
panic(
fmt.Sprintf("Unsupported CFSSL error reason %d under category IntermediatesError.",
reason),
)
}
case RootError:
switch reason {
case Unknown:
msg = "Unknown root certificate error"
case ReadFailed:
msg = "Failed to read root certificate"
case DecodeFailed:
msg = "Failed to decode root certificate"
case ParseFailed:
msg = "Failed to parse root certificate"
default:
panic(fmt.Sprintf("Unsupported CFSSL error reason %d under category RootError.",
reason))
}
case PolicyError:
switch reason {
case Unknown:
msg = "Unknown policy error"
case NoKeyUsages:
msg = "Invalid policy: no key usage available"
case InvalidPolicy:
msg = "Invalid or unknown policy"
case InvalidRequest:
msg = "Policy violation request"
case UnknownProfile:
msg = "Unknown policy profile"
case UnmatchedWhitelist:
msg = "Request does not match policy whitelist"
default:
panic(fmt.Sprintf("Unsupported CFSSL error reason %d under category PolicyError.",
reason))
}
case DialError:
switch reason {
case Unknown:
msg = "Failed to dial remote server"
default:
panic(fmt.Sprintf("Unsupported CFSSL error reason %d under category DialError.",
reason))
}
case APIClientError:
switch reason {
case AuthenticationFailure:
msg = "API client authentication failure"
case JSONError:
msg = "API client JSON config error"
case ClientHTTPError:
msg = "API client HTTP error"
case IOError:
msg = "API client IO error"
case ServerRequestFailed:
msg = "API client error: Server request failed"
default:
panic(fmt.Sprintf("Unsupported CFSSL error reason %d under category APIClientError.",
reason))
}
case CSRError:
switch reason {
case Unknown:
msg = "CSR parsing failed due to unknown error"
case ReadFailed:
msg = "CSR file read failed"
case ParseFailed:
msg = "CSR Parsing failed"
case DecodeFailed:
msg = "CSR Decode failed"
case BadRequest:
msg = "CSR Bad request"
default:
panic(
fmt.Sprintf(
"Unsupported CF-SSL error reason %d under category APIClientError.",
reason,
),
)
}
case CTError:
switch reason {
case Unknown:
msg = "Certificate transparency parsing failed due to unknown error"
case PrecertSubmissionFailed:
msg = "Certificate transparency precertificate submission failed"
case PrecertMissingPoison:
msg = "Precertificate is missing CT poison extension"
case PrecertInvalidPoison:
msg = "Precertificate contains an invalid CT poison extension"
default:
panic(fmt.Sprintf("Unsupported CF-SSL error reason %d under category CTError.", reason))
}
case CertStoreError:
switch reason {
case Unknown:
msg = "Certificate store action failed due to unknown error"
default:
panic(
fmt.Sprintf(
"Unsupported CF-SSL error reason %d under category CertStoreError.",
reason,
),
)
}
default:
panic(fmt.Sprintf("Unsupported CFSSL error type: %d.",
category))
}
return &Error{ErrorCode: errorCode, Message: msg}
}
// Wrap returns an error that contains the given error and an error code derived from
// the given category, reason and the error. Currently, to avoid confusion, it is not
// allowed to create an error of category Success
func WrapError(category Category, reason Reason, err error) *Error {
errorCode := int(category) + int(reason)
if err == nil {
panic("Wrap needs a supplied error to initialize.")
}
// do not double wrap a error
switch err.(type) {
case *Error:
panic("Unable to wrap a wrapped error.")
}
switch category {
case CertificateError:
// given VerifyFailed , report the status with more detailed status code
// for some certificate errors we care.
if reason == VerifyFailed {
switch errorType := err.(type) {
case x509.CertificateInvalidError:
errorCode += certificateInvalid + int(errorType.Reason)
case x509.UnknownAuthorityError:
errorCode += unknownAuthority
}
}
case PrivateKeyError, IntermediatesError, RootError, PolicyError, DialError,
APIClientError, CSRError, CTError, CertStoreError, OCSPError:
// no-op, just use the error
default:
panic(fmt.Sprintf("Unsupported CFSSL error type: %d.",
category))
}
return &Error{ErrorCode: errorCode, Message: err.Error()}
}
var ErrFailedGetCRL = errors.New("failed to retrieve CRL")

78
webauthn/revoke/helpers.go Normal file
View File

@@ -0,0 +1,78 @@
package revoke
import (
"bytes"
"crypto/x509"
"encoding/pem"
"errors"
"net/url"
)
// ParseCertificatePEM parses and returns a PEM-encoded certificate,
// can handle PEM encoded PKCS #7 structures.
func ParseCertificatePEM(certPEM []byte) (*x509.Certificate, error) {
certPEM = bytes.TrimSpace(certPEM)
cert, rest, err := ParseOneCertificateFromPEM(certPEM)
if err != nil {
// Log the actual parsing error but throw a default parse error message.
return nil, NewError(CertificateError, ParseFailed)
} else if cert == nil {
return nil, NewError(CertificateError, DecodeFailed)
} else if len(rest) > 0 {
return nil, WrapError(CertificateError, ParseFailed, errors.New("the PEM file should contain only one object"))
} else if len(cert) > 1 {
return nil, WrapError(CertificateError, ParseFailed, errors.New("the PKCS7 object in the PEM file should contain only one certificate"))
}
return cert[0], nil
}
// ParseOneCertificateFromPEM attempts to parse one PEM encoded certificate object,
// either a raw x509 certificate or a PKCS #7 structure possibly containing
// multiple certificates, from the top of certsPEM, which itself may
// contain multiple PEM encoded certificate objects.
func ParseOneCertificateFromPEM(certsPEM []byte) ([]*x509.Certificate, []byte, error) {
block, rest := pem.Decode(certsPEM)
if block == nil {
return nil, rest, nil
}
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
var pkcs7data *PKCS7
if pkcs7data, err = ParsePKCS7(block.Bytes); err != nil {
return nil, rest, err
}
if pkcs7data.ContentInfo != "SignedData" {
return nil, rest, errors.New(
"only PKCS #7 Signed Data Content Info supported for certificate parsing",
)
}
certs := pkcs7data.Content.SignedData.Certificates
if certs == nil {
return nil, rest, errors.New("PKCS #7 structure contains no certificates")
}
return certs, rest, nil
}
return []*x509.Certificate{cert}, rest, nil
}
// We can't handle LDAP certificates, so this checks to see if the
// URL string points to an LDAP resource so that we can ignore it.
func ldapURL(uri string) bool {
u, err := url.Parse(uri)
if err != nil {
return false
}
if u.Scheme == "ldap" {
return true
}
return false
}

196
webauthn/revoke/pkcs7.go Normal file
View File

@@ -0,0 +1,196 @@
// Package pkcs7 implements the subset of the CMS PKCS #7 datatype that is typically
// used to package certificates and CRLs. Using openssl, every certificate converted
// to PKCS #7 format from another encoding such as PEM conforms to this implementation.
// reference: https://www.openssl.org/docs/man1.1.0/apps/crl2pkcs7.html
//
// PKCS #7 Data type, reference: https://tools.ietf.org/html/rfc2315
//
// The full pkcs#7 cryptographic message syntax allows for cryptographic enhancements,
// for example data can be encrypted and signed and then packaged through pkcs#7 to be
// sent over a network and then verified and decrypted. It is asn1, and the type of
// PKCS #7 ContentInfo, which comprises the PKCS #7 structure, is:
//
// ContentInfo ::= SEQUENCE {
// contentType ContentType,
// content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL
// }
//
// There are 6 possible ContentTypes, data, signedData, envelopedData,
// signedAndEnvelopedData, digestedData, and encryptedData. Here signedData, Data, and encrypted
// Data are implemented, as the degenerate case of signedData without a signature is the typical
// format for transferring certificates and CRLS, and Data and encryptedData are used in PKCS #12
// formats.
// The ContentType signedData has the form:
//
// signedData ::= SEQUENCE {
// version Version,
// digestAlgorithms DigestAlgorithmIdentifiers,
// contentInfo ContentInfo,
// certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL
// crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
// signerInfos SignerInfos
// }
//
// As of yet signerInfos and digestAlgorithms are not parsed, as they are not relevant to
// this system's use of PKCS #7 data. Version is an integer type, note that PKCS #7 is
// recursive, this second layer of ContentInfo is similar ignored for our degenerate
// usage. The ExtendedCertificatesAndCertificates type consists of a sequence of choices
// between PKCS #6 extended certificates and x509 certificates. Any sequence consisting
// of any number of extended certificates is not yet supported in this implementation.
//
// The ContentType Data is simply a raw octet string and is parsed directly into a Go []byte slice.
//
// The ContentType encryptedData is the most complicated and its form can be gathered by
// the go type below. It essentially contains a raw octet string of encrypted data and an
// algorithm identifier for use in decrypting this data.
package revoke
import (
"crypto/x509"
"crypto/x509/pkix"
"encoding/asn1"
"errors"
)
// Types used for asn1 Unmarshaling.
type signedData struct {
Version int
DigestAlgorithms asn1.RawValue
ContentInfo asn1.RawValue
Certificates asn1.RawValue `asn1:"optional"`
Crls asn1.RawValue `asn1:"optional"`
SignerInfos asn1.RawValue
}
type initPKCS7 struct {
Raw asn1.RawContent
ContentType asn1.ObjectIdentifier
Content asn1.RawValue `asn1:"tag:0,explicit,optional"`
}
// Object identifier strings of the three implemented PKCS7 types.
const (
ObjIDData = "1.2.840.113549.1.7.1"
ObjIDSignedData = "1.2.840.113549.1.7.2"
ObjIDEncryptedData = "1.2.840.113549.1.7.6"
)
// PKCS7 represents the ASN1 PKCS #7 Content type. It contains one of three
// possible types of Content objects, as denoted by the object identifier in
// the ContentInfo field, the other two being nil. SignedData
// is the degenerate SignedData Content info without signature used
// to hold certificates and crls. Data is raw bytes, and EncryptedData
// is as defined in PKCS #7 standard.
type PKCS7 struct {
Raw asn1.RawContent
ContentInfo string
Content Content
}
// Content implements three of the six possible PKCS7 data types. Only one is non-nil.
type Content struct {
Data []byte
SignedData SignedData
EncryptedData EncryptedData
}
// SignedData defines the typical carrier of certificates and CRLs.
type SignedData struct {
Raw asn1.RawContent
Version int
Certificates []*x509.Certificate
Crl *pkix.CertificateList
}
// Data contains raw bytes. Used as a subtype in PKCS12.
type Data struct {
Bytes []byte
}
// EncryptedData contains encrypted data. Used as a subtype in PKCS12.
type EncryptedData struct {
Raw asn1.RawContent
Version int
EncryptedContentInfo EncryptedContentInfo
}
// EncryptedContentInfo is a subtype of PKCS7EncryptedData.
type EncryptedContentInfo struct {
Raw asn1.RawContent
ContentType asn1.ObjectIdentifier
ContentEncryptionAlgorithm pkix.AlgorithmIdentifier
EncryptedContent []byte `asn1:"tag:0,optional"`
}
// ParsePKCS7 attempts to parse the DER encoded bytes of a
// PKCS7 structure.
func ParsePKCS7(raw []byte) (msg *PKCS7, err error) {
var pkcs7 initPKCS7
_, err = asn1.Unmarshal(raw, &pkcs7)
if err != nil {
return nil, WrapError(CertificateError, ParseFailed, err)
}
msg = new(PKCS7)
msg.Raw = pkcs7.Raw
msg.ContentInfo = pkcs7.ContentType.String()
switch {
case msg.ContentInfo == ObjIDData:
msg.ContentInfo = "Data"
_, err = asn1.Unmarshal(pkcs7.Content.Bytes, &msg.Content.Data)
if err != nil {
return nil, WrapError(CertificateError, ParseFailed, err)
}
case msg.ContentInfo == ObjIDSignedData:
msg.ContentInfo = "SignedData"
var signedData signedData
_, err = asn1.Unmarshal(pkcs7.Content.Bytes, &signedData)
if err != nil {
return nil, WrapError(CertificateError, ParseFailed, err)
}
if len(signedData.Certificates.Bytes) != 0 {
msg.Content.SignedData.Certificates, err = x509.ParseCertificates(
signedData.Certificates.Bytes,
)
if err != nil {
return nil, WrapError(CertificateError, ParseFailed, err)
}
}
if len(signedData.Crls.Bytes) != 0 {
msg.Content.SignedData.Crl, err = x509.ParseDERCRL(signedData.Crls.Bytes)
if err != nil {
return nil, WrapError(CertificateError, ParseFailed, err)
}
}
msg.Content.SignedData.Version = signedData.Version
msg.Content.SignedData.Raw = pkcs7.Content.Bytes
case msg.ContentInfo == ObjIDEncryptedData:
msg.ContentInfo = "EncryptedData"
var encryptedData EncryptedData
_, err = asn1.Unmarshal(pkcs7.Content.Bytes, &encryptedData)
if err != nil {
return nil, WrapError(CertificateError, ParseFailed, err)
}
if encryptedData.Version != 0 {
return nil, WrapError(
CertificateError,
ParseFailed,
errors.New("Only support for PKCS #7 encryptedData version 0"),
)
}
msg.Content.EncryptedData = encryptedData
default:
return nil, WrapError(
CertificateError,
ParseFailed,
errors.New(
"Attempt to parse PKCS# 7 Content not of type data, signed data or encrypted data",
),
)
}
return msg, nil
}

244
webauthn/revoke/revoke.go Normal file
View File

@@ -0,0 +1,244 @@
package revoke
import (
"bytes"
"crypto"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"errors"
"fmt"
"io"
"net/http"
"net/url"
"sync"
"time"
"golang.org/x/crypto/ocsp"
)
// revCheck should check the certificate for any revocations. It
// returns a pair of booleans: the first indicates whether the certificate
// is revoked, the second indicates whether the revocations were
// successfully checked.. This leads to the following combinations:
//
// false, false: an error was encountered while checking revocations.
//
// false, true: the certificate was checked successfully and
// it is not revoked.
//
// true, true: the certificate was checked successfully and
// it is revoked.
//
// true, false: failure to check revocation status causes
// verification to fail
func revCheck(cert *x509.Certificate) (revoked, ok bool, err error) {
for _, uri := range cert.CRLDistributionPoints {
if ldapURL(uri) {
continue
}
if revoked, ok, err = certIsRevokedCRL(cert, uri); !ok {
if HardFail {
return true, false, err
}
return false, false, err
} else if revoked {
return true, true, err
}
}
if revoked, ok, err = certIsRevokedOCSP(cert, HardFail); !ok {
if HardFail {
return true, false, err
}
return false, false, err
} else if revoked {
return true, true, err
}
return false, true, nil
}
func getIssuer(cert *x509.Certificate) (issuer *x509.Certificate) {
var (
uri string
err error
)
for _, uri = range cert.IssuingCertificateURL {
issuer, err = fetchRemote(uri)
if err != nil {
continue
}
break
}
return issuer
}
// VerifyCertificate ensures that the certificate passed in hasn't
// expired and checks the CRL for the server.
func VerifyCertificate(cert *x509.Certificate) (revoked, ok bool) {
revoked, ok, _ = VerifyCertificateError(cert)
return revoked, ok
}
// VerifyCertificateError ensures that the certificate passed in hasn't
// expired and checks the CRL for the server.
func VerifyCertificateError(cert *x509.Certificate) (revoked, ok bool, err error) {
if !time.Now().Before(cert.NotAfter) {
return true, true, fmt.Errorf("Certificate expired %s\n", cert.NotAfter)
} else if !time.Now().After(cert.NotBefore) {
return true, true, fmt.Errorf("Certificate isn't valid until %s\n", cert.NotBefore)
}
return revCheck(cert)
}
func fetchRemote(url string) (*x509.Certificate, error) {
resp, err := HTTPClient.Get(url)
if err != nil {
return nil, err
}
defer resp.Body.Close()
in, err := remoteRead(resp.Body)
if err != nil {
return nil, err
}
p, _ := pem.Decode(in)
if p != nil {
return ParseCertificatePEM(in)
}
return x509.ParseCertificate(in)
}
func certIsRevokedOCSP(leaf *x509.Certificate, strict bool) (revoked, ok bool, e error) {
var err error
ocspURLs := leaf.OCSPServer
if len(ocspURLs) == 0 {
// OCSP not enabled for this certificate.
return false, true, nil
}
issuer := getIssuer(leaf)
if issuer == nil {
return false, false, nil
}
ocspRequest, err := ocsp.CreateRequest(leaf, issuer, &ocspOpts)
if err != nil {
return revoked, ok, err
}
for _, server := range ocspURLs {
resp, err := sendOCSPRequest(server, ocspRequest, leaf, issuer)
if err != nil {
if strict {
return revoked, ok, err
}
continue
}
// There wasn't an error fetching the OCSP status.
ok = true
if resp.Status != ocsp.Good {
// The certificate was revoked.
revoked = true
}
return revoked, ok, err
}
return revoked, ok, err
}
// sendOCSPRequest attempts to request an OCSP response from the
// server. The error only indicates a failure to *fetch* the
// certificate, and *does not* mean the certificate is valid.
func sendOCSPRequest(
server string,
req []byte,
leaf, issuer *x509.Certificate,
) (r *ocsp.Response, err error) {
var resp *http.Response
if len(req) > 256 {
buf := bytes.NewBuffer(req)
resp, err = HTTPClient.Post(server, "application/ocsp-request", buf)
} else {
reqURL := server + "/" + url.QueryEscape(base64.StdEncoding.EncodeToString(req))
resp, err = HTTPClient.Get(reqURL)
}
if err != nil {
return nil, err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
return nil, errors.New("failed to retrieve OSCP")
}
body, err := ocspRead(resp.Body)
if err != nil {
return nil, err
}
switch {
case bytes.Equal(body, ocsp.UnauthorizedErrorResponse):
return nil, errors.New("OSCP unauthorized")
case bytes.Equal(body, ocsp.MalformedRequestErrorResponse):
return nil, errors.New("OSCP malformed")
case bytes.Equal(body, ocsp.InternalErrorErrorResponse):
return nil, errors.New("OSCP internal error")
case bytes.Equal(body, ocsp.TryLaterErrorResponse):
return nil, errors.New("OSCP try later")
case bytes.Equal(body, ocsp.SigRequredErrorResponse):
return nil, errors.New("OSCP signature required")
}
return ocsp.ParseResponseForCert(body, leaf, issuer)
}
var (
// HTTPClient is an instance of http.Client that will be used for all HTTP requests.
HTTPClient = http.DefaultClient
// HardFail determines whether the failure to check the revocation
// status of a certificate (i.e. due to network failure) causes
// verification to fail (a hard failure).
HardFail = false
crlRead = io.ReadAll
remoteRead = io.ReadAll
ocspRead = io.ReadAll
ocspOpts = ocsp.RequestOptions{
Hash: crypto.SHA1,
}
crlLock = new(sync.Mutex)
)
// SetCRLFetcher sets the function to use to read from the http response body
func SetCRLFetcher(fn func(io.Reader) ([]byte, error)) {
crlRead = fn
}
// SetRemoteFetcher sets the function to use to read from the http response body
func SetRemoteFetcher(fn func(io.Reader) ([]byte, error)) {
remoteRead = fn
}
// SetOCSPFetcher sets the function to use to read from the http response body
func SetOCSPFetcher(fn func(io.Reader) ([]byte, error)) {
ocspRead = fn
}

87
webauthn/revoke/revoke_legacy.go Normal file
View File

@@ -0,0 +1,87 @@
//go:build !go1.19
package revoke
import (
"crypto/x509"
"crypto/x509/pkix"
"time"
)
// CRLSet associates a PKIX certificate list with the URL the CRL is
// fetched from.
var (
CRLSet = map[string]*pkix.CertificateList{}
)
// fetchCRL fetches and parses a CRL.
func fetchCRL(url string) (*pkix.CertificateList, error) {
resp, err := HTTPClient.Get(url)
if err != nil {
return nil, err
}
defer resp.Body.Close()
if resp.StatusCode >= 300 {
return nil, ErrFailedGetCRL
}
body, err := crlRead(resp.Body)
if err != nil {
return nil, err
}
return x509.ParseCRL(body)
}
// check a cert against a specific CRL. Returns the same bool pair
// as revCheck, plus an error if one occurred.
func certIsRevokedCRL(cert *x509.Certificate, url string) (revoked, ok bool, err error) {
var crl *pkix.CertificateList
crlLock.Lock()
if crl, ok = CRLSet[url]; ok && crl == nil {
ok = false
delete(CRLSet, url)
}
crlLock.Unlock()
shouldFetchCRL := true
if ok && !crl.HasExpired(time.Now()) {
shouldFetchCRL = false
}
issuer := getIssuer(cert)
if shouldFetchCRL {
if crl, err = fetchCRL(url); err != nil {
return false, false, err
}
// Check the CRL signature.
if issuer != nil {
if err = issuer.CheckCRLSignature(crl); err != nil {
return false, false, err
}
}
crlLock.Lock()
CRLSet[url] = crl
crlLock.Unlock()
}
var rc pkix.RevokedCertificate
for _, rc = range crl.TBSCertList.RevokedCertificates {
if cert.SerialNumber.Cmp(rc.SerialNumber) == 0 {
return true, true, err
}
}
return false, true, err
}

80
webauthn/revoke/revoke_modern.go Normal file
View File

@@ -0,0 +1,80 @@
//go:build go1.19
package revoke
import (
"crypto/x509"
"time"
)
// CRLSet associates a PKIX certificate list with the URL the CRL is
// fetched from.
var (
CRLSet = map[string]*x509.RevocationList{}
)
// fetchCRL fetches and parses a CRL.
func fetchCRL(url string) (*x509.RevocationList, error) {
resp, err := HTTPClient.Get(url)
if err != nil {
return nil, err
}
defer resp.Body.Close()
if resp.StatusCode >= 300 {
return nil, ErrFailedGetCRL
}
body, err := crlRead(resp.Body)
if err != nil {
return nil, err
}
return x509.ParseRevocationList(body)
}
// check a cert against a specific CRL. Returns the same bool pair
// as revCheck, plus an error if one occurred.
func certIsRevokedCRL(cert *x509.Certificate, url string) (revoked, ok bool, err error) {
var crl *x509.RevocationList
crlLock.Lock()
if crl, ok = CRLSet[url]; ok && crl == nil {
ok = false
delete(CRLSet, url)
}
crlLock.Unlock()
shouldFetchCRL := !ok || !time.Now().Before(crl.NextUpdate)
issuer := getIssuer(cert)
if shouldFetchCRL {
if crl, err = fetchCRL(url); err != nil {
return false, false, err
}
// Check the CRL signature.
if issuer != nil {
if err = crl.CheckSignatureFrom(issuer); err != nil {
return false, false, err
}
}
crlLock.Lock()
CRLSet[url] = crl
crlLock.Unlock()
}
for _, rcert := range crl.RevokedCertificates {
if cert.SerialNumber.Cmp(rcert.SerialNumber) == 0 {
return true, true, err
}
}
return false, true, err
}

310
webauthn/sonr_services.go Normal file
View File

@@ -0,0 +1,310 @@
// Package webauthn provides Sonr-specific WebAuthn service binding functionality
// that integrates with the x/svc module for domain-verified WebAuthn credentials.
//
// This package contains service-related WebAuthn operations that enable binding
// WebAuthn credentials to verified domains for capability-based access control.
package webauthn
import (
"fmt"
"net/url"
"strings"
)
// ServiceBinding represents a binding between a WebAuthn credential and a verified service domain.
type ServiceBinding struct {
// CredentialID is the WebAuthn credential identifier
CredentialID string
// Domain is the verified domain this credential is bound to
Domain string
// ServiceID is the unique identifier for the registered service
ServiceID string
// Permissions are the specific permissions granted to this credential
Permissions []string
// Origin is the WebAuthn origin for this service binding
Origin string
// CreatedAt timestamp when the binding was created
CreatedAt int64
// ExpiresAt timestamp when the binding expires (optional, 0 = no expiry)
ExpiresAt int64
}
// ValidateServiceBinding validates a WebAuthn credential for service binding.
// This ensures that the credential is legitimate and the service domain is verified.
func ValidateServiceBinding(
credential WebAuthnCredential,
domain string,
permissions []string,
) error {
if credential == nil {
return fmt.Errorf("credential cannot be nil")
}
if domain == "" {
return fmt.Errorf("domain cannot be empty")
}
// Validate credential structure first
if err := ValidateStructure(credential); err != nil {
return fmt.Errorf("credential validation failed: %w", err)
}
// Validate domain format
if err := validateServiceDomain(domain); err != nil {
return fmt.Errorf("invalid service domain: %w", err)
}
// Validate permissions
if err := validateServicePermissions(permissions); err != nil {
return fmt.Errorf("invalid service permissions: %w", err)
}
// Validate origin matches domain
if credential.GetOrigin() != "" {
expectedOrigin := fmt.Sprintf("https://%s", domain)
if credential.GetOrigin() != expectedOrigin {
return fmt.Errorf("credential origin %s does not match expected service origin %s",
credential.GetOrigin(), expectedOrigin)
}
}
return nil
}
// validateServiceDomain validates that a domain meets service binding requirements.
func validateServiceDomain(domain string) error {
if domain == "" {
return fmt.Errorf("domain cannot be empty")
}
// Basic domain validation - should not include protocol or path
if strings.Contains(domain, "://") {
return fmt.Errorf("domain should not include protocol (https://)")
}
if strings.Contains(domain, "/") {
return fmt.Errorf("domain should not include path")
}
// Check domain format using URL parsing
testURL := "https://" + domain
parsedURL, err := url.Parse(testURL)
if err != nil {
return fmt.Errorf("invalid domain format: %w", err)
}
if parsedURL.Hostname() != domain {
return fmt.Errorf("invalid domain format")
}
return nil
}
// validateServicePermissions validates the permissions granted to a service-bound credential.
func validateServicePermissions(permissions []string) error {
if len(permissions) == 0 {
return fmt.Errorf("at least one permission must be specified")
}
validPermissions := map[string]bool{
"read": true,
"write": true,
"execute": true,
"admin": true,
"delegate": true,
}
for _, perm := range permissions {
if !validPermissions[perm] {
return fmt.Errorf("invalid permission: %s", perm)
}
}
return nil
}
// GenerateServiceOrigin generates the expected WebAuthn origin for a service domain.
func GenerateServiceOrigin(domain string) (string, error) {
if err := validateServiceDomain(domain); err != nil {
return "", fmt.Errorf("invalid domain: %w", err)
}
return fmt.Sprintf("https://%s", domain), nil
}
// ValidateCredentialForDomain validates that a WebAuthn credential is valid for a specific domain.
// This includes checking the origin and ensuring the credential can be bound to the domain.
func ValidateCredentialForDomain(
credential WebAuthnCredential,
domain string,
challengeToken string,
) error {
if credential == nil {
return fmt.Errorf("credential cannot be nil")
}
// Generate expected origin for the domain
expectedOrigin, err := GenerateServiceOrigin(domain)
if err != nil {
return fmt.Errorf("failed to generate origin: %w", err)
}
// Validate the credential with domain-specific requirements
if err := ValidateForGaslessRegistration(credential, challengeToken, expectedOrigin); err != nil {
return fmt.Errorf("credential validation failed for domain %s: %w", domain, err)
}
return nil
}
// CreateServiceBinding creates a new service binding for a WebAuthn credential.
func CreateServiceBinding(
credentialID string,
domain string,
serviceID string,
permissions []string,
createdAt int64,
) (*ServiceBinding, error) {
if credentialID == "" {
return nil, fmt.Errorf("credential ID cannot be empty")
}
if err := validateServiceDomain(domain); err != nil {
return nil, fmt.Errorf("invalid domain: %w", err)
}
if serviceID == "" {
return nil, fmt.Errorf("service ID cannot be empty")
}
if err := validateServicePermissions(permissions); err != nil {
return nil, fmt.Errorf("invalid permissions: %w", err)
}
origin, err := GenerateServiceOrigin(domain)
if err != nil {
return nil, fmt.Errorf("failed to generate origin: %w", err)
}
return &ServiceBinding{
CredentialID: credentialID,
Domain: domain,
ServiceID: serviceID,
Permissions: permissions,
Origin: origin,
CreatedAt: createdAt,
ExpiresAt: 0, // No expiration by default
}, nil
}
// ValidateServiceBindingPermission checks if a service binding has a specific permission.
func ValidateServiceBindingPermission(binding *ServiceBinding, requiredPermission string) error {
if binding == nil {
return fmt.Errorf("service binding cannot be nil")
}
// Check if the binding has the required permission
for _, perm := range binding.Permissions {
if perm == requiredPermission || perm == "admin" {
return nil // Permission granted
}
}
return fmt.Errorf("permission denied: %s not granted to credential %s for domain %s",
requiredPermission, binding.CredentialID, binding.Domain)
}
// IsServiceBindingExpired checks if a service binding has expired.
func IsServiceBindingExpired(binding *ServiceBinding, currentTime int64) bool {
if binding == nil {
return true
}
// If ExpiresAt is 0, the binding never expires
if binding.ExpiresAt == 0 {
return false
}
return currentTime >= binding.ExpiresAt
}
// ValidateServiceBindingAccess validates that a credential can access a service with specific permissions.
func ValidateServiceBindingAccess(
binding *ServiceBinding,
requiredPermission string,
currentTime int64,
) error {
if binding == nil {
return fmt.Errorf("no service binding found")
}
// Check if binding is expired
if IsServiceBindingExpired(binding, currentTime) {
return fmt.Errorf("service binding expired at %d", binding.ExpiresAt)
}
// Check permission
if err := ValidateServiceBindingPermission(binding, requiredPermission); err != nil {
return err
}
return nil
}
// GenerateServiceBindingID generates a unique ID for a service binding.
func GenerateServiceBindingID(credentialID, domain, serviceID string) string {
return fmt.Sprintf("%s:%s:%s", credentialID, domain, serviceID)
}
// ValidateDomainVerificationForBinding ensures that a domain is properly verified
// before allowing WebAuthn credential binding.
func ValidateDomainVerificationForBinding(
domain string,
verificationStatus string,
verifiedAt int64,
currentTime int64,
) error {
if domain == "" {
return fmt.Errorf("domain cannot be empty")
}
// Check verification status
if verificationStatus != "DOMAIN_VERIFICATION_STATUS_VERIFIED" {
return fmt.Errorf("domain %s is not verified (status: %s)", domain, verificationStatus)
}
// Ensure verification is not too old (e.g., within 30 days)
const maxVerificationAge = 30 * 24 * 60 * 60 // 30 days in seconds
if currentTime-verifiedAt > maxVerificationAge {
return fmt.Errorf(
"domain verification is too old (verified %d seconds ago)",
currentTime-verifiedAt,
)
}
return nil
}
// ExtractDomainFromOrigin extracts the domain from a WebAuthn origin.
func ExtractDomainFromOrigin(origin string) (string, error) {
if origin == "" {
return "", fmt.Errorf("origin cannot be empty")
}
parsedURL, err := url.Parse(origin)
if err != nil {
return "", fmt.Errorf("invalid origin format: %w", err)
}
if parsedURL.Scheme != "https" {
return "", fmt.Errorf("origin must use HTTPS")
}
return parsedURL.Hostname(), nil
}

188
webauthn/sonr_utils.go Normal file
View File

@@ -0,0 +1,188 @@
// Package webauthn provides Sonr-specific WebAuthn utility functions
// that support gasless transaction processing and DID generation.
//
// This package contains utility functions moved from app/ante/webauthn_gasless.go
// to eliminate circular dependencies while providing core WebAuthn functionality.
package webauthn
import (
"crypto/sha256"
"encoding/hex"
"fmt"
sdk "github.com/cosmos/cosmos-sdk/types"
)
// GenerateAddressFromCredential generates a deterministic address from a WebAuthn credential ID.
// This ensures the same credential always generates the same address, allowing for
// predictable account creation without requiring pre-existing blockchain state.
//
// This function is used by the gasless WebAuthn registration system to create
// controller addresses automatically when users don't have existing accounts.
func GenerateAddressFromCredential(credentialID string) sdk.AccAddress {
// Create a deterministic hash from the credential ID
// Add a domain separator to prevent collisions with other address generation methods
domainSeparator := "webauthn_gasless_v1"
data := domainSeparator + credentialID
// Generate SHA256 hash
hash := sha256.Sum256([]byte(data))
// Take the first 20 bytes for the address (Ethereum-compatible)
return sdk.AccAddress(hash[:20])
}
// GenerateDIDFromCredential generates a deterministic DID from a WebAuthn credential.
// This creates a unique, reproducible DID for each WebAuthn credential.
//
// The generated DID follows the format: did:sonr:<hex-encoded-hash-prefix>
// where the hash is derived from the credential ID and username.
func GenerateDIDFromCredential(credentialID string, username string) string {
// Create a deterministic hash from credential ID and username
data := credentialID + ":" + username
hash := sha256.Sum256([]byte(data))
// Create a DID with the sonr method
// Format: did:sonr:<hex-encoded-hash-prefix>
didSuffix := hex.EncodeToString(hash[:16]) // Use first 16 bytes for shorter DIDs
return fmt.Sprintf("did:sonr:%s", didSuffix)
}
// GenerateVerificationMethodID creates a verification method ID for WebAuthn credentials.
// This follows DID standards for verification method identifiers.
func GenerateVerificationMethodID(did, credentialID string) string {
// Create a short hash from the credential ID for uniqueness
hash := sha256.Sum256([]byte(credentialID))
hashSuffix := hex.EncodeToString(hash[:8]) // Use first 8 bytes for compactness
return fmt.Sprintf("%s#webauthn-%s", did, hashSuffix)
}
// IsValidCredentialID validates that a credential ID meets Sonr's requirements.
// WebAuthn credential IDs should be base64url-encoded and of reasonable length.
func IsValidCredentialID(credentialID string) bool {
if credentialID == "" {
return false
}
// Credential IDs should be at least 16 characters (reasonable minimum)
// and not exceed 1024 characters (reasonable maximum)
if len(credentialID) < 16 || len(credentialID) > 1024 {
return false
}
// Basic check for base64url characters
// WebAuthn credential IDs are typically base64url encoded
for _, r := range credentialID {
if !((r >= 'A' && r <= 'Z') ||
(r >= 'a' && r <= 'z') ||
(r >= '0' && r <= '9') ||
r == '-' || r == '_') {
return false
}
}
return true
}
// GenerateChallengeHash creates a deterministic challenge hash for WebAuthn operations.
// This can be used for challenge generation in situations where deterministic challenges are needed.
func GenerateChallengeHash(input string) string {
hash := sha256.Sum256([]byte(input))
return hex.EncodeToString(hash[:])
}
// ExtractOriginFromURL extracts the origin from a URL for WebAuthn origin validation.
// Returns the origin in the format expected by WebAuthn (e.g., "https://example.com").
func ExtractOriginFromURL(url string) string {
// Simple origin extraction - in production this would use proper URL parsing
// For now, return the input assuming it's already a valid origin
return url
}
// ValidateOriginFormat validates that an origin meets WebAuthn requirements.
func ValidateOriginFormat(origin string) error {
if origin == "" {
return fmt.Errorf("origin cannot be empty")
}
// WebAuthn origins must be HTTPS (except localhost for development)
if origin != "http://localhost" &&
origin != "http://127.0.0.1" &&
len(origin) >= 8 &&
origin[:8] != "https://" {
return fmt.Errorf("WebAuthn origins must use HTTPS (or localhost for development)")
}
return nil
}
// CreateDeterministicSeed creates a deterministic seed from multiple inputs.
// This is useful for generating consistent values across different operations.
func CreateDeterministicSeed(inputs ...string) []byte {
var combined string
for _, input := range inputs {
combined += input + ":"
}
hash := sha256.Sum256([]byte(combined))
return hash[:]
}
// FormatCredentialForDisplay formats a credential ID for user-friendly display.
// Truncates long credential IDs while preserving uniqueness for display purposes.
func FormatCredentialForDisplay(credentialID string) string {
if len(credentialID) <= 16 {
return credentialID
}
// Show first 8 and last 8 characters with ellipsis in between
return fmt.Sprintf("%s...%s", credentialID[:8], credentialID[len(credentialID)-8:])
}
// ValidateUsernameFormat validates that a username meets Sonr's requirements.
func ValidateUsernameFormat(username string) error {
if username == "" {
return fmt.Errorf("username cannot be empty")
}
if len(username) < 3 {
return fmt.Errorf("username must be at least 3 characters long")
}
if len(username) > 32 {
return fmt.Errorf("username cannot exceed 32 characters")
}
// Check for valid characters (alphanumeric and some special characters)
for _, r := range username {
if !((r >= 'A' && r <= 'Z') ||
(r >= 'a' && r <= 'z') ||
(r >= '0' && r <= '9') ||
r == '-' || r == '_' || r == '.') {
return fmt.Errorf("username contains invalid character: %c", r)
}
}
return nil
}
// GenerateAccountSeq generates a deterministic account sequence for gasless transactions.
// This ensures consistent account sequence handling for WebAuthn gasless transactions.
func GenerateAccountSeq(credentialID string, blockHeight int64) uint64 {
data := fmt.Sprintf("%s:%d", credentialID, blockHeight)
hash := sha256.Sum256([]byte(data))
// Convert first 8 bytes to uint64
var seq uint64
for i := 0; i < 8; i++ {
seq = seq<<8 + uint64(hash[i])
}
// Ensure it's not zero
if seq == 0 {
seq = 1
}
return seq
}

437
webauthn/sonr_validation.go Normal file
View File

@@ -0,0 +1,437 @@
// Package webauthn provides Sonr-specific WebAuthn validation extensions
// that integrate with the comprehensive WebAuthn protocol implementation.
//
// This package contains validation methods moved from x/did/types/webauthn.go
// to eliminate circular dependencies while leveraging the full WebAuthn protocol stack.
package webauthn
import (
"crypto/sha256"
"encoding/base64"
"encoding/json"
"fmt"
"slices"
"github.com/sonr-io/common/webauthn/webauthncbor"
"github.com/sonr-io/common/webauthn/webauthncose"
)
// WebAuthnCredential defines the interface that WebAuthn credentials must implement
// This avoids circular dependencies while allowing validation of any credential type
type WebAuthnCredential interface {
GetCredentialId() string
GetPublicKey() []byte
GetAlgorithm() int32
GetRawId() string
GetClientDataJson() string
GetAttestationObject() string
GetOrigin() string
}
// ClientData represents the parsed client data JSON from WebAuthn
type ClientData struct {
Type string `json:"type"`
Challenge string `json:"challenge"`
Origin string `json:"origin"`
}
// ValidateStructure validates a WebAuthn credential for gasless transaction processing.
// This method performs cryptographic validation to ensure the credential is legitimate
// and prevents abuse of the gasless registration system.
//
// Validation checks:
// 1. Required fields are present (credential_id, public_key, algorithm)
// 2. Algorithm is supported (ES256, RS256)
// 3. Public key can be parsed successfully
// 4. Raw ID matches credential ID when base64url decoded
func ValidateStructure(c WebAuthnCredential) error {
if c == nil {
return fmt.Errorf("credential cannot be nil")
}
// Validate required fields
if c.GetCredentialId() == "" {
return fmt.Errorf("credential_id is required")
}
if len(c.GetPublicKey()) == 0 {
return fmt.Errorf("public_key is required")
}
if c.GetAlgorithm() == 0 {
return fmt.Errorf("algorithm is required")
}
// Validate supported algorithms
switch c.GetAlgorithm() {
case -7: // ES256
case -257: // RS256
default:
return fmt.Errorf("unsupported algorithm: %d", c.GetAlgorithm())
}
// Validate public key can be parsed
if err := validatePublicKeyFormat(c); err != nil {
return fmt.Errorf("invalid public key format: %v", err)
}
// Validate raw_id matches credential_id when decoded
if c.GetRawId() != "" {
decodedRawID, err := base64.RawURLEncoding.DecodeString(c.GetRawId())
if err != nil {
return fmt.Errorf("invalid raw_id encoding: %v", err)
}
decodedCredID, err := base64.RawURLEncoding.DecodeString(c.GetCredentialId())
if err != nil {
return fmt.Errorf("invalid credential_id encoding: %v", err)
}
if string(decodedRawID) != string(decodedCredID) {
return fmt.Errorf("raw_id does not match credential_id")
}
}
return nil
}
// validatePublicKeyFormat validates that the public key can be parsed according to the specified algorithm.
// WebAuthn public keys are typically in COSE format, so we use the webauthncose package for parsing.
func validatePublicKeyFormat(c WebAuthnCredential) error {
// Use the comprehensive COSE public key parser from the WebAuthn library
parsedKey, err := webauthncose.ParsePublicKey(c.GetPublicKey())
if err != nil {
return fmt.Errorf("failed to parse COSE public key: %w", err)
}
// Validate the parsed key matches the expected algorithm
switch c.GetAlgorithm() {
case -7: // ES256 (ECDSA with P-256 and SHA-256)
cosePubKey, ok := parsedKey.(webauthncose.EC2PublicKeyData)
if !ok {
return fmt.Errorf(
"public key type mismatch: expected EC2PublicKeyData for ES256 algorithm, got %T",
parsedKey,
)
}
// Validate that we can construct a valid ECDSA public key from the COSE data
if len(cosePubKey.XCoord) != 32 || len(cosePubKey.YCoord) != 32 {
return fmt.Errorf(
"invalid ECDSA coordinate length: x=%d, y=%d (expected 32 bytes each)",
len(cosePubKey.XCoord),
len(cosePubKey.YCoord),
)
}
// Verify the algorithm matches
if cosePubKey.Algorithm != -7 {
return fmt.Errorf(
"algorithm mismatch: COSE key algorithm %d, expected ES256 (-7)",
cosePubKey.Algorithm,
)
}
return nil
case -257: // RS256 (RSASSA-PKCS1-v1_5 with SHA-256)
cosePubKey, ok := parsedKey.(webauthncose.RSAPublicKeyData)
if !ok {
return fmt.Errorf(
"public key type mismatch: expected RSAPublicKeyData for RS256 algorithm, got %T",
parsedKey,
)
}
// Validate RSA key components
if len(cosePubKey.Modulus) == 0 || len(cosePubKey.Exponent) == 0 {
return fmt.Errorf("invalid RSA key: empty modulus or exponent")
}
// Verify the algorithm matches
if cosePubKey.Algorithm != -257 {
return fmt.Errorf(
"algorithm mismatch: COSE key algorithm %d, expected RS256 (-257)",
cosePubKey.Algorithm,
)
}
return nil
default:
return fmt.Errorf("unsupported algorithm for validation: %d", c.GetAlgorithm())
}
}
// ValidateAttestation performs security validation of WebAuthn credential data.
// This performs essential security checks while leveraging the comprehensive
// WebAuthn protocol validation framework where possible.
//
// Security checks performed:
// 1. Challenge verification against provided challenge
// 2. Origin validation against expected origin
// 3. Client data JSON structure validation
// 4. Basic attestation object presence validation
func ValidateAttestation(c WebAuthnCredential, challenge, expectedOrigin string) error {
if c == nil {
return fmt.Errorf("credential cannot be nil")
}
// Validate that we have the required attestation data
if c.GetClientDataJson() == "" {
return fmt.Errorf("client_data_json is required for attestation validation")
}
if c.GetAttestationObject() == "" {
return fmt.Errorf("attestation_object is required for attestation validation")
}
// Parse and validate client data JSON
clientData, err := parseClientDataJSON(c.GetClientDataJson())
if err != nil {
return fmt.Errorf("failed to parse client data JSON: %w", err)
}
// Validate challenge
if challenge != "" && clientData.Challenge != challenge {
return fmt.Errorf(
"challenge mismatch: expected %s, got %s",
challenge,
clientData.Challenge,
)
}
// Validate origin
if expectedOrigin != "" && clientData.Origin != expectedOrigin {
return fmt.Errorf("origin mismatch: expected %s, got %s", expectedOrigin, clientData.Origin)
}
// Validate type is "webauthn.create" for registration
if clientData.Type != "webauthn.create" {
return fmt.Errorf(
"invalid client data type: expected 'webauthn.create', got %s",
clientData.Type,
)
}
// Validate attestation object is valid base64url and has reasonable size
attestationBytes, err := base64.RawURLEncoding.DecodeString(c.GetAttestationObject())
if err != nil {
return fmt.Errorf("invalid attestation object encoding: %w", err)
}
// Basic size validation - attestation objects should be at least 100 bytes
if len(attestationBytes) < 100 {
return fmt.Errorf("attestation object too small: %d bytes", len(attestationBytes))
}
return nil
}
// parseClientDataJSON parses the base64url-encoded client data JSON
func parseClientDataJSON(clientDataJSON string) (*ClientData, error) {
clientDataBytes, err := base64.RawURLEncoding.DecodeString(clientDataJSON)
if err != nil {
return nil, fmt.Errorf("failed to decode client data JSON: %w", err)
}
var clientData ClientData
if err := json.Unmarshal(clientDataBytes, &clientData); err != nil {
return nil, fmt.Errorf("failed to unmarshal client data JSON: %w", err)
}
return &clientData, nil
}
// ValidateForGaslessRegistration performs comprehensive validation for gasless WebAuthn registration.
// This combines structural validation with cryptographic attestation validation,
// leveraging the full WebAuthn protocol capabilities where applicable.
func ValidateForGaslessRegistration(
c WebAuthnCredential,
challenge, expectedOrigin string,
) error {
// First perform structural validation
if err := ValidateStructure(c); err != nil {
return fmt.Errorf("structural validation failed: %w", err)
}
// Then perform cryptographic attestation validation
// For gasless registration, we require full attestation validation to prevent abuse
if challenge != "" || expectedOrigin != "" {
if err := ValidateAttestation(c, challenge, expectedOrigin); err != nil {
return fmt.Errorf("attestation validation failed: %w", err)
}
}
return nil
}
// ValidateCredentialUniqueness validates that a WebAuthn credential is unique
// across the entire system to prevent reuse attacks in gasless transactions.
func ValidateCredentialUniqueness(credentialID string, existingCredentials []string) error {
if credentialID == "" {
return fmt.Errorf("credential_id cannot be empty")
}
// Check against all existing credentials
if slices.Contains(existingCredentials, credentialID) {
return fmt.Errorf("credential_id already exists: %s", credentialID)
}
return nil
}
// ValidateAlgorithmSupport validates that the specified algorithm is supported
// by the Sonr WebAuthn implementation.
func ValidateAlgorithmSupport(algorithm int32) error {
switch algorithm {
case -7: // ES256 (ECDSA with P-256 and SHA-256)
return nil
case -257: // RS256 (RSASSA-PKCS1-v1_5 with SHA-256)
return nil
default:
return fmt.Errorf(
"unsupported algorithm: %d (only ES256 (-7) and RS256 (-257) are supported)",
algorithm,
)
}
}
// Enhanced validation functions that leverage the full WebAuthn protocol
// ValidateAttestationObjectFormat validates the attestation object format
// using the comprehensive WebAuthn protocol validation framework.
func ValidateAttestationObjectFormat(attestationObject string) error {
if attestationObject == "" {
return fmt.Errorf("attestation_object is required")
}
// Decode the attestation object
attestationBytes, err := base64.RawURLEncoding.DecodeString(attestationObject)
if err != nil {
return fmt.Errorf("invalid attestation object encoding: %w", err)
}
// Validate minimum size
if len(attestationBytes) < 100 {
return fmt.Errorf("attestation object too small: %d bytes", len(attestationBytes))
}
// Use the existing WebAuthn protocol CBOR unmarshaling for validation
var attestationObj AttestationObject
if err := webauthncbor.Unmarshal(attestationBytes, &attestationObj); err != nil {
return fmt.Errorf("failed to unmarshal attestation object: %w", err)
}
// Validate authenticator data can be unmarshaled
if err := attestationObj.AuthData.Unmarshal(attestationObj.RawAuthData); err != nil {
return fmt.Errorf("failed to unmarshal authenticator data: %w", err)
}
// Check for attested credential data flag
if !attestationObj.AuthData.Flags.HasAttestedCredentialData() {
return fmt.Errorf("attestation missing attested credential data flag")
}
return nil
}
// ValidateClientDataJSONFormat validates the client data JSON format
// and returns the parsed client data using the WebAuthn protocol structures.
func ValidateClientDataJSONFormat(clientDataJSON string) (*ClientData, error) {
if clientDataJSON == "" {
return nil, fmt.Errorf("client_data_json is required")
}
// Use the existing WebAuthn protocol's CollectedClientData for validation
clientDataBytes, err := base64.RawURLEncoding.DecodeString(clientDataJSON)
if err != nil {
return nil, fmt.Errorf("failed to decode client data JSON: %w", err)
}
var collectedData CollectedClientData
if err := json.Unmarshal(clientDataBytes, &collectedData); err != nil {
return nil, fmt.Errorf("failed to unmarshal client data JSON: %w", err)
}
// Convert to our simple ClientData format for compatibility
return &ClientData{
Type: string(collectedData.Type),
Challenge: collectedData.Challenge,
Origin: collectedData.Origin,
}, nil
}
// ValidateWithProtocol validates a WebAuthn credential using the full protocol validation.
// This leverages the comprehensive attestation and client data validation from the WebAuthn library.
func ValidateWithProtocol(
c WebAuthnCredential,
challenge string,
rpOrigins []string,
rpID string,
userVerificationRequired bool,
) error {
if c == nil {
return fmt.Errorf("credential cannot be nil")
}
// Create a CredentialCreationResponse from our credential data
ccr := &CredentialCreationResponse{
PublicKeyCredential: PublicKeyCredential{
Credential: Credential{
ID: c.GetCredentialId(),
Type: "public-key",
},
RawID: URLEncodedBase64(c.GetRawId()),
},
AttestationResponse: AuthenticatorAttestationResponse{
AuthenticatorResponse: AuthenticatorResponse{
ClientDataJSON: URLEncodedBase64(c.GetClientDataJson()),
},
AttestationObject: URLEncodedBase64(c.GetAttestationObject()),
},
}
// Parse the credential creation response using the full WebAuthn protocol
parsed, err := ccr.Parse()
if err != nil {
return fmt.Errorf("failed to parse credential with WebAuthn protocol: %w", err)
}
// Validate client data using the full protocol validation
err = parsed.Response.CollectedClientData.Verify(
challenge,
CreateCeremony,
rpOrigins,
[]string{}, // rpTopOrigins - empty for basic validation
TopOriginDefaultVerificationMode,
)
if err != nil {
return fmt.Errorf("client data validation failed: %w", err)
}
// Create client data hash for attestation verification
clientDataBytes, err := base64.RawURLEncoding.DecodeString(c.GetClientDataJson())
if err != nil {
return fmt.Errorf("failed to decode client data JSON: %w", err)
}
clientDataHash := sha256.Sum256(clientDataBytes)
// Validate the attestation object
err = parsed.Response.AttestationObject.Verify(
rpID,
clientDataHash[:],
userVerificationRequired,
true, // user presence required
nil, // metadata provider - optional
[]CredentialParameter{
{Type: "public-key", Algorithm: -7}, // ES256
{Type: "public-key", Algorithm: -257}, // RS256
},
)
if err != nil {
return fmt.Errorf("attestation validation failed: %w", err)
}
return nil
}

33
webauthn/webauthncbor/webauthncbor.go Normal file
View File

@@ -0,0 +1,33 @@
package webauthncbor
import "github.com/fxamacker/cbor/v2"
const nestedLevelsAllowed = 4
// ctap2CBORDecMode is the cbor.DecMode following the CTAP2 canonical CBOR encoding form
// (https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#message-encoding)
var ctap2CBORDecMode, _ = cbor.DecOptions{
DupMapKey: cbor.DupMapKeyEnforcedAPF,
MaxNestedLevels: nestedLevelsAllowed,
IndefLength: cbor.IndefLengthForbidden,
TagsMd: cbor.TagsForbidden,
}.DecMode()
var ctap2CBOREncMode, _ = cbor.CTAP2EncOptions().EncMode()
// Unmarshal parses the CBOR-encoded data into the value pointed to by v
// following the CTAP2 canonical CBOR encoding form.
// (https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#message-encoding)
func Unmarshal(data []byte, v any) error {
// TODO (james-d-elliott): investigate the specific use case for Unmarshal vs UnmarshalFirst to determine the edge cases where this may be useful.
_, err := ctap2CBORDecMode.UnmarshalFirst(data, v)
return err
}
// Marshal encodes the value pointed to by v
// following the CTAP2 canonical CBOR encoding form.
// (https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#message-encoding)
func Marshal(v any) ([]byte, error) {
return ctap2CBOREncMode.Marshal(v)
}

5
webauthn/webauthncose/const.go Normal file
View File

@@ -0,0 +1,5 @@
package webauthncose
const (
keyCannotDisplay = "Cannot display key"
)

10
webauthn/webauthncose/ed25519.go Normal file
View File

@@ -0,0 +1,10 @@
package webauthncose
import (
"crypto/ed25519"
"crypto/x509"
)
func marshalEd25519PublicKey(pub ed25519.PublicKey) ([]byte, error) {
return x509.MarshalPKIXPublicKey(pub)
}

547
webauthn/webauthncose/webauthncose.go Normal file
View File

@@ -0,0 +1,547 @@
package webauthncose
import (
"crypto"
"crypto/ecdsa"
"crypto/ed25519"
"crypto/elliptic"
"crypto/rsa"
"crypto/x509"
"encoding/asn1"
"encoding/pem"
"fmt"
"hash"
"math/big"
"github.com/google/go-tpm/legacy/tpm2"
"github.com/sonr-io/common/webauthn/webauthncbor"
)
// CredentialPublicKey represents a COSE_Key-encoded credential public key
// as defined in the WebAuthn specification. This structure supports various
// key types including EC2, RSA, and OKP (EdDSA).
//
// Specification: §6.4.1.1. Examples of credentialPublicKey Values Encoded in COSE_Key Format
type CredentialPublicKey struct {
// The type of key created. Should be OKP (1), EC2 (2), or RSA (3).
KeyType int64 `cbor:"1,keyasint" json:"kty"`
// A COSEAlgorithmIdentifier for the algorithm used to derive the key signature.
Algorithm int64 `cbor:"3,keyasint" json:"alg"`
// For EC2 keys: the curve identifier (-1)
Curve int64 `cbor:"-1,keyasint,omitempty" json:"crv,omitempty"`
// For EC2 keys: X coordinate (-2)
XCoord []byte `cbor:"-2,keyasint,omitempty" json:"x,omitempty"`
// For EC2 keys: Y coordinate (-3)
YCoord []byte `cbor:"-3,keyasint,omitempty" json:"y,omitempty"`
// For RSA keys: modulus n (-1)
Modulus []byte `cbor:"-1,keyasint,omitempty" json:"n,omitempty"`
// For RSA keys: exponent e (-2)
Exponent []byte `cbor:"-2,keyasint,omitempty" json:"e,omitempty"`
}
// GetKeyType returns the COSE key type
func (cpk *CredentialPublicKey) GetKeyType() COSEKeyType {
return COSEKeyType(cpk.KeyType)
}
// GetAlgorithm returns the COSE algorithm identifier
func (cpk *CredentialPublicKey) GetAlgorithm() COSEAlgorithmIdentifier {
return COSEAlgorithmIdentifier(cpk.Algorithm)
}
// GetCurve returns the elliptic curve for EC2 keys
func (cpk *CredentialPublicKey) GetCurve() COSEEllipticCurve {
return COSEEllipticCurve(cpk.Curve)
}
// PublicKeyData The public key portion of a Relying Party-specific credential key pair, generated
// by an authenticator and returned to a Relying Party at registration time. We unpack this object
// using fxamacker's cbor library ("github.com/fxamacker/cbor/v2") which is why there are cbor tags
// included. The tag field values correspond to the IANA COSE keys that give their respective
// values.
//
// Specification: §6.4.1.1. Examples of credentialPublicKey Values Encoded in COSE_Key Format (https://www.w3.org/TR/webauthn/#sctn-encoded-credPubKey-examples)
type PublicKeyData struct {
// Decode the results to int by default.
_struct bool `cbor:",keyasint" json:"public_key"`
// The type of key created. Should be OKP, EC2, or RSA.
KeyType int64 `cbor:"1,keyasint" json:"kty"`
// A COSEAlgorithmIdentifier for the algorithm used to derive the key signature.
Algorithm int64 `cbor:"3,keyasint" json:"alg"`
}
const ecCoordSize = 32
type EC2PublicKeyData struct {
PublicKeyData
// If the key type is EC2, the curve on which we derive the signature from.
Curve int64 `cbor:"-1,keyasint,omitempty" json:"crv"`
// A byte string 32 bytes in length that holds the x coordinate of the key.
XCoord []byte `cbor:"-2,keyasint,omitempty" json:"x"`
// A byte string 32 bytes in length that holds the y coordinate of the key.
YCoord []byte `cbor:"-3,keyasint,omitempty" json:"y"`
}
type RSAPublicKeyData struct {
PublicKeyData
// Represents the modulus parameter for the RSA algorithm.
Modulus []byte `cbor:"-1,keyasint,omitempty" json:"n"`
// Represents the exponent parameter for the RSA algorithm.
Exponent []byte `cbor:"-2,keyasint,omitempty" json:"e"`
}
type OKPPublicKeyData struct {
PublicKeyData
Curve int64
// A byte string that holds the x coordinate of the key.
XCoord []byte `cbor:"-2,keyasint,omitempty" json:"x"`
}
// Verify Octet Key Pair (OKP) Public Key Signature.
func (k *OKPPublicKeyData) Verify(data []byte, sig []byte) (bool, error) {
var key ed25519.PublicKey = make([]byte, ed25519.PublicKeySize)
copy(key, k.XCoord)
return ed25519.Verify(key, data, sig), nil
}
// Verify Elliptic Curve Public Key Signature.
func (k *EC2PublicKeyData) Verify(data []byte, sig []byte) (bool, error) {
curve := EC2AlgCurve(k.Algorithm)
if curve == nil {
return false, ErrUnsupportedAlgorithm
}
pubkey := &ecdsa.PublicKey{
Curve: curve,
X: big.NewInt(0).SetBytes(k.XCoord),
Y: big.NewInt(0).SetBytes(k.YCoord),
}
h := HasherFromCOSEAlg(COSEAlgorithmIdentifier(k.PublicKeyData.Algorithm))
h.Write(data)
type ECDSASignature struct {
R, S *big.Int
}
e := &ECDSASignature{}
_, err := asn1.Unmarshal(sig, e)
if err != nil {
return false, ErrSigNotProvidedOrInvalid
}
return ecdsa.Verify(pubkey, h.Sum(nil), e.R, e.S), nil
}
// Verify RSA Public Key Signature.
func (k *RSAPublicKeyData) Verify(data []byte, sig []byte) (bool, error) {
pubkey := &rsa.PublicKey{
N: big.NewInt(0).SetBytes(k.Modulus),
E: int(uint(k.Exponent[2]) | uint(k.Exponent[1])<<8 | uint(k.Exponent[0])<<16),
}
coseAlg := COSEAlgorithmIdentifier(k.PublicKeyData.Algorithm)
algDetail, ok := COSESignatureAlgorithmDetails[coseAlg]
if !ok {
return false, ErrUnsupportedAlgorithm
}
hash := algDetail.hash
h := hash.New()
h.Write(data)
switch coseAlg {
case AlgPS256, AlgPS384, AlgPS512:
err := rsa.VerifyPSS(pubkey, hash, h.Sum(nil), sig, nil)
return err == nil, err
case AlgRS1, AlgRS256, AlgRS384, AlgRS512:
err := rsa.VerifyPKCS1v15(pubkey, hash, h.Sum(nil), sig)
return err == nil, err
default:
return false, ErrUnsupportedAlgorithm
}
}
// ParsePublicKey figures out what kind of COSE material was provided and create the data for the new key.
func ParsePublicKey(keyBytes []byte) (any, error) {
pk := PublicKeyData{}
// TODO (james-d-elliott): investigate the ignored errors.
webauthncbor.Unmarshal(keyBytes, &pk)
switch COSEKeyType(pk.KeyType) {
case OctetKey:
var o OKPPublicKeyData
webauthncbor.Unmarshal(keyBytes, &o)
o.PublicKeyData = pk
return o, nil
case EllipticKey:
var e EC2PublicKeyData
webauthncbor.Unmarshal(keyBytes, &e)
e.PublicKeyData = pk
return e, nil
case RSAKey:
var r RSAPublicKeyData
webauthncbor.Unmarshal(keyBytes, &r)
r.PublicKeyData = pk
return r, nil
default:
return nil, ErrUnsupportedKey
}
}
// ParseFIDOPublicKey is only used when the appID extension is configured by the assertion response.
func ParseFIDOPublicKey(keyBytes []byte) (data EC2PublicKeyData, err error) {
x, y := elliptic.Unmarshal(elliptic.P256(), keyBytes)
if x == nil || y == nil {
return data, fmt.Errorf("elliptic unmarshall returned a nil value")
}
return EC2PublicKeyData{
PublicKeyData: PublicKeyData{
Algorithm: int64(AlgES256),
},
XCoord: x.FillBytes(make([]byte, ecCoordSize)),
YCoord: y.FillBytes(make([]byte, ecCoordSize)),
}, nil
}
func VerifySignature(key any, data []byte, sig []byte) (bool, error) {
switch k := key.(type) {
case OKPPublicKeyData:
return k.Verify(data, sig)
case EC2PublicKeyData:
return k.Verify(data, sig)
case RSAPublicKeyData:
return k.Verify(data, sig)
default:
return false, ErrUnsupportedKey
}
}
func DisplayPublicKey(cpk []byte) string {
parsedKey, err := ParsePublicKey(cpk)
if err != nil {
return keyCannotDisplay
}
switch k := parsedKey.(type) {
case RSAPublicKeyData:
rKey := &rsa.PublicKey{
N: big.NewInt(0).SetBytes(k.Modulus),
E: int(uint(k.Exponent[2]) | uint(k.Exponent[1])<<8 | uint(k.Exponent[0])<<16),
}
data, err := x509.MarshalPKIXPublicKey(rKey)
if err != nil {
return keyCannotDisplay
}
pemBytes := pem.EncodeToMemory(&pem.Block{
Type: "RSA PUBLIC KEY",
Bytes: data,
})
return string(pemBytes)
case EC2PublicKeyData:
curve := EC2AlgCurve(k.Algorithm)
if curve == nil {
return keyCannotDisplay
}
eKey := &ecdsa.PublicKey{
Curve: curve,
X: big.NewInt(0).SetBytes(k.XCoord),
Y: big.NewInt(0).SetBytes(k.YCoord),
}
data, err := x509.MarshalPKIXPublicKey(eKey)
if err != nil {
return keyCannotDisplay
}
pemBytes := pem.EncodeToMemory(&pem.Block{
Type: "PUBLIC KEY",
Bytes: data,
})
return string(pemBytes)
case OKPPublicKeyData:
if len(k.XCoord) != ed25519.PublicKeySize {
return keyCannotDisplay
}
var oKey ed25519.PublicKey = make([]byte, ed25519.PublicKeySize)
copy(oKey, k.XCoord)
data, err := marshalEd25519PublicKey(oKey)
if err != nil {
return keyCannotDisplay
}
pemBytes := pem.EncodeToMemory(&pem.Block{
Type: "PUBLIC KEY",
Bytes: data,
})
return string(pemBytes)
default:
return "Cannot display key of this type"
}
}
// COSEAlgorithmIdentifier is a number identifying a cryptographic algorithm. The algorithm identifiers SHOULD be values
// registered in the IANA COSE Algorithms registry [https://www.w3.org/TR/webauthn/#biblio-iana-cose-algs-reg], for
// instance, -7 for "ES256" and -257 for "RS256".
//
// Specification: §5.8.5. Cryptographic Algorithm Identifier (https://www.w3.org/TR/webauthn/#sctn-alg-identifier)
type COSEAlgorithmIdentifier int
const (
// AlgES256 ECDSA with SHA-256.
AlgES256 COSEAlgorithmIdentifier = -7
// AlgEdDSA EdDSA.
AlgEdDSA COSEAlgorithmIdentifier = -8
// AlgES384 ECDSA with SHA-384.
AlgES384 COSEAlgorithmIdentifier = -35
// AlgES512 ECDSA with SHA-512.
AlgES512 COSEAlgorithmIdentifier = -36
// AlgPS256 RSASSA-PSS with SHA-256.
AlgPS256 COSEAlgorithmIdentifier = -37
// AlgPS384 RSASSA-PSS with SHA-384.
AlgPS384 COSEAlgorithmIdentifier = -38
// AlgPS512 RSASSA-PSS with SHA-512.
AlgPS512 COSEAlgorithmIdentifier = -39
// AlgES256K is ECDSA using secp256k1 curve and SHA-256.
AlgES256K COSEAlgorithmIdentifier = -47
// AlgRS256 RSASSA-PKCS1-v1_5 with SHA-256.
AlgRS256 COSEAlgorithmIdentifier = -257
// AlgRS384 RSASSA-PKCS1-v1_5 with SHA-384.
AlgRS384 COSEAlgorithmIdentifier = -258
// AlgRS512 RSASSA-PKCS1-v1_5 with SHA-512.
AlgRS512 COSEAlgorithmIdentifier = -259
// AlgRS1 RSASSA-PKCS1-v1_5 with SHA-1.
AlgRS1 COSEAlgorithmIdentifier = -65535
)
// COSEKeyType is The Key type derived from the IANA COSE AuthData.
type COSEKeyType int
const (
// KeyTypeReserved is a reserved value.
KeyTypeReserved COSEKeyType = iota
// OctetKey is an Octet Key.
OctetKey
// EllipticKey is an Elliptic Curve Public Key.
EllipticKey
// RSAKey is an RSA Public Key.
RSAKey
// Symmetric Keys.
Symmetric
// HSSLMS is the public key for HSS/LMS hash-based digital signature.
HSSLMS
)
// COSEEllipticCurve is an enumerator that represents the COSE Elliptic Curves.
//
// Specification: https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves
type COSEEllipticCurve int
const (
// EllipticCurveReserved is the COSE EC Reserved value.
EllipticCurveReserved COSEEllipticCurve = iota
// P256 represents NIST P-256 also known as secp256r1.
P256
// P384 represents NIST P-384 also known as secp384r1.
P384
// P521 represents NIST P-521 also known as secp521r1.
P521
// X25519 for use w/ ECDH only.
X25519
// X448 for use w/ ECDH only.
X448
// Ed25519 for use w/ EdDSA only.
Ed25519
// Ed448 for use w/ EdDSA only.
Ed448
// Secp256k1 is the SECG secp256k1 curve.
Secp256k1
)
func (k *EC2PublicKeyData) TPMCurveID() tpm2.EllipticCurve {
switch COSEEllipticCurve(k.Curve) {
case P256:
return tpm2.CurveNISTP256 // TPM_ECC_NIST_P256.
case P384:
return tpm2.CurveNISTP384 // TPM_ECC_NIST_P384.
case P521:
return tpm2.CurveNISTP521 // TPM_ECC_NIST_P521.
default:
return tpm2.EllipticCurve(0) // TPM_ECC_NONE.
}
}
// EC2AlgCurve returns the elliptic curve based on the COSE algorithm identifier
func EC2AlgCurve(coseAlg int64) elliptic.Curve {
switch COSEAlgorithmIdentifier(coseAlg) {
case AlgES512: // IANA COSE code for ECDSA w/ SHA-512.
return elliptic.P521()
case AlgES384: // IANA COSE code for ECDSA w/ SHA-384.
return elliptic.P384()
case AlgES256: // IANA COSE code for ECDSA w/ SHA-256.
return elliptic.P256()
default:
return nil
}
}
// SigAlgFromCOSEAlg return which signature algorithm is being used from the COSE Key.
func SigAlgFromCOSEAlg(coseAlg COSEAlgorithmIdentifier) x509.SignatureAlgorithm {
d, ok := COSESignatureAlgorithmDetails[coseAlg]
if !ok {
return x509.UnknownSignatureAlgorithm
}
return d.sigAlg
}
// HasherFromCOSEAlg returns the Hashing interface to be used for a given COSE Algorithm.
func HasherFromCOSEAlg(coseAlg COSEAlgorithmIdentifier) hash.Hash {
d, ok := COSESignatureAlgorithmDetails[coseAlg]
if !ok {
// default to SHA256? Why not.
return crypto.SHA256.New()
}
return d.hash.New()
}
var COSESignatureAlgorithmDetails = map[COSEAlgorithmIdentifier]struct {
name string
hash crypto.Hash
sigAlg x509.SignatureAlgorithm
}{
AlgRS1: {"SHA1-RSA", crypto.SHA1, x509.SHA1WithRSA},
AlgRS256: {"SHA256-RSA", crypto.SHA256, x509.SHA256WithRSA},
AlgRS384: {"SHA384-RSA", crypto.SHA384, x509.SHA384WithRSA},
AlgRS512: {"SHA512-RSA", crypto.SHA512, x509.SHA512WithRSA},
AlgPS256: {"SHA256-RSAPSS", crypto.SHA256, x509.SHA256WithRSAPSS},
AlgPS384: {"SHA384-RSAPSS", crypto.SHA384, x509.SHA384WithRSAPSS},
AlgPS512: {"SHA512-RSAPSS", crypto.SHA512, x509.SHA512WithRSAPSS},
AlgES256: {"ECDSA-SHA256", crypto.SHA256, x509.ECDSAWithSHA256},
AlgES384: {"ECDSA-SHA384", crypto.SHA384, x509.ECDSAWithSHA384},
AlgES512: {"ECDSA-SHA512", crypto.SHA512, x509.ECDSAWithSHA512},
AlgEdDSA: {"EdDSA", crypto.SHA512, x509.PureEd25519},
}
type Error struct {
// Short name for the type of error that has occurred.
Type string `json:"type"`
// Additional details about the error.
Details string `json:"error"`
// Information to help debug the error.
DevInfo string `json:"debug"`
}
var (
ErrUnsupportedKey = &Error{
Type: "invalid_key_type",
Details: "Unsupported Public Key Type",
}
ErrUnsupportedAlgorithm = &Error{
Type: "unsupported_key_algorithm",
Details: "Unsupported public key algorithm",
}
ErrSigNotProvidedOrInvalid = &Error{
Type: "signature_not_provided_or_invalid",
Details: "Signature invalid or not provided",
}
)
func (err *Error) Error() string {
return err.Details
}
func (passedError *Error) WithDetails(details string) *Error {
err := *passedError
err.Details = details
return &err
}
// VerifyEC2PublicKeyMatch verifies that an EC2 public key from credential data
// matches the public key in an X.509 certificate. Used in attestation validation.
func VerifyEC2PublicKeyMatch(credentialPubKey any, certPubKey crypto.PublicKey) error {
credPK, ok := credentialPubKey.(EC2PublicKeyData)
if !ok {
return ErrUnsupportedKey.WithDetails("Credential public key is not EC2 format")
}
certECDSA, ok := certPubKey.(*ecdsa.PublicKey)
if !ok {
return ErrUnsupportedKey.WithDetails("Certificate public key is not ECDSA format")
}
// Convert credential public key to ecdsa.PublicKey for comparison
credECDSA := &ecdsa.PublicKey{
Curve: elliptic.P256(),
X: big.NewInt(0).SetBytes(credPK.XCoord),
Y: big.NewInt(0).SetBytes(credPK.YCoord),
}
if !credECDSA.Equal(certECDSA) {
return ErrSigNotProvidedOrInvalid.WithDetails(
"Certificate public key does not match credential public key",
)
}
return nil
}

140
webauthn/webauthncose/webauthncose_test.go Normal file
View File

@@ -0,0 +1,140 @@
package webauthncose
import (
"crypto/ed25519"
"crypto/rand"
"encoding/hex"
"testing"
"github.com/stretchr/testify/assert"
"github.com/sonr-io/common/webauthn/webauthncbor"
)
// TestOKPSignatureVerification is a compatibility test to ensure that removing
// a previously used dependency doesn't introduce new issues.
//
// Since OKPs are used to represent Ed25519 keys, this test largely ensures
// that the underlying Ed25519 signature verification passes.
func TestOKPSignatureVerification(t *testing.T) {
pub, priv, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
t.Fatalf("error creating ed25519 key: %v", err)
}
data := []byte("Sample data to sign")
validSig := ed25519.Sign(priv, data)
invalidSig := []byte("invalid")
key := OKPPublicKeyData{
XCoord: pub,
}
// Test that a valid signature passes.
ok, err := key.Verify(data, validSig)
if err != nil {
t.Fatalf("error verifying okp signature: %v", err)
}
if !ok {
t.Fatalf("valid signature wasn't properly verified")
}
// And that an invalid signature fails.
ok, err = key.Verify(data, invalidSig)
if err != nil {
t.Fatalf("error verifying okp signature: %v", err)
}
if ok {
t.Fatalf("invalid signature was incorrectly verified")
}
}
func TestP256SignatureVerification(t *testing.T) {
// Private/public key pair was generated with the following:
//
// $ openssl ecparam -genkey -name secp256r1 -noout -out private_key.pem
// $ openssl ec -in private_key.pem -noout -text
// Private-Key: (256 bit)
// priv:
// 48:7f:36:1d:df:d7:34:40:e7:07:f4:da:a6:77:5b:
// 37:68:59:e8:a3:c9:f2:9b:3b:b6:94:a1:29:27:c0:
// 21:3c
// pub:
// 04:f7:39:f8:c7:7b:32:f4:d5:f1:32:65:86:1f:eb:
// d7:6e:7a:9c:61:a1:14:0d:29:6b:8c:16:30:25:08:
// 87:03:16:c2:49:70:ad:78:11:cc:d9:da:7f:1b:88:
// f2:02:be:ba:c7:70:66:3e:f5:8b:a6:83:46:18:6d:
// d7:78:20:0d:d4
// ASN1 OID: prime256v1
// NIST CURVE: P-256
// ----.
pubX, err := hex.DecodeString(
"f739f8c77b32f4d5f13265861febd76e7a9c61a1140d296b8c16302508870316",
)
assert.Nil(t, err)
pubY, err := hex.DecodeString(
"c24970ad7811ccd9da7f1b88f202bebac770663ef58ba68346186dd778200dd4",
)
assert.Nil(t, err)
key := EC2PublicKeyData{
// These constants are from https://datatracker.ietf.org/doc/rfc9053/
// (see "ECDSA" and "Elliptic Curve Keys").
PublicKeyData: PublicKeyData{
KeyType: 2, // EC.
Algorithm: -7, // "ES256".
},
Curve: 1, // P-256.
XCoord: pubX,
YCoord: pubY,
}
data := []byte("webauthnFTW")
// Valid signature obtained with:
// $ echo -n 'webauthnFTW' | openssl dgst -sha256 -sign private_key.pem | xxd -ps | tr -d '\n'.
validSig, err := hex.DecodeString(
"3045022053584980793ee4ec01d583f303604c4f85a7e87df3fe9551962c5ab69a5ce27b022100c801fd6186ca4681e87fbbb97c5cb659f039473995a75a9a9dffea2708d6f8fb",
)
assert.Nil(t, err)
// Happy path, verification should succeed.
ok, err := VerifySignature(key, data, validSig)
assert.True(t, ok, "invalid EC signature")
assert.Nil(t, err, "error verifying EC signature")
// Verification against BAD data should fail.
ok, err = VerifySignature(key, []byte("webauthnFTL"), validSig)
assert.Nil(t, err, "error verifying EC signature")
assert.False(t, ok, "verification against bad data is successful!")
}
func TestOKPDisplayPublicKey(t *testing.T) {
// Sample public key generated from ed25519.GenerateKey(rand.Reader).
var pub ed25519.PublicKey = []byte{0x7b, 0x88, 0x10, 0x24, 0xad, 0xc9, 0x82, 0xd3, 0x80, 0xb8, 0x77, 0x1e, 0x3b, 0x9b, 0xf8, 0xe4, 0xb3, 0x99, 0x8b, 0xc7, 0xd0, 0x58, 0x30, 0x66, 0x2, 0xce, 0x4d, 0xf, 0x2f, 0xe4, 0xb7, 0x81}
// The PEM encoded representation of the public key in PKIX, ASN.1 DER format.
expected := `-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAe4gQJK3JgtOAuHceO5v45LOZi8fQWDBmAs5NDy/kt4E=
-----END PUBLIC KEY-----
`
key := OKPPublicKeyData{
XCoord: pub,
PublicKeyData: PublicKeyData{
KeyType: int64(OctetKey),
},
}
// Get the CBOR-encoded representation of the OKPPublicKeyData.
buf, _ := webauthncbor.Marshal(key)
got := DisplayPublicKey(buf)
if got != expected {
t.Fatalf(
"incorrect PEM format received for ed25519 public key. expected\n%#v\n got \n%#v\n",
expected,
got,
)
}
}